Last Updated on by SCARS Editorial Team
RSN™ Special Report: CybercrimeCybercrime Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks. Hits $1.4+ TRILLION ANNUALLY
Hyper-Connected Web Of Profit Emerges, As Global Cybercriminal Revenues Hit $1.4 Trillion Annually
A Ground-Breaking Study, Commissioned By Bromium, Highlights The Emergence Of “Platform Criminality”, Exposing Cybercriminal Links To Drug Production, Human Trafficking, And Terrorism
Originally published April 2018
Bromium®, Inc., the pioneer and leader in virtualization-based endpoint security that stops advanced malwareMalware Short for "malicious software," this term means computer viruses and other types of programs that cybercriminals use to disrupt or access your computer, typically with the aim of gathering sensitive files and accounts. attacks via application isolation, today announced the findings of an independent study that looked into the interconnected dynamics of cybercrime, and examines how new criminality platforms and a booming cybercrime economy have resulted in $1.5 trillion in illicitillicit Illicit means something that is not legally permitted or authorized under the law; unlicensed; unlawful. It can also mean disapproved of or not permitted for moral or ethical reasons. profits being acquired, laundered, spent and reinvested by cybercriminals. Complete findings will be presented at the RSA Conference in San Francisco by researcher Dr. Michael McGuire, Senior Lecturer in Criminology at the University of Surrey in England.
This is one of the first studies to view the dynamics of cybercrime through the lens of revenue flow and profit distribution, and not solely on the well-understood mechanisms of cybercrime. The new research exposes a cybercrime-based economy and the professionalization of cybercrime. This economy has become a self-sustaining system – an interconnected Web of Profit that blurs the lines between the legitimate and illegitimate.
The research points to an emergence of platform criminality, mirroring the platform capitalism model currently used by companies like Uber and Amazon, where data is the commodity. The report also raises concerns about new criminality models that these platforms enable, which fund broader criminalCriminal A criminal is any person who through a decision or act engages in a crime. This can be complicated, as many people break laws unknowingly, however, in our context, it is a person who makes a decision to engage in unlawful acts or to place themselves with others who do this. A criminal always has the ability to decide not to break the law, or if they initially engage in crime to stop doing it, but instead continues. activities such as human trafficking; drug production and distribution; and even terrorism.
“The findings of Dr. McGuire’s research provide shocking insight into just how widespread and profitable cybercrime has become,” commented Gregory Webb, CEO of Bromium. “The platform criminality model is productizing malware and making cybercrime as easy as shopping online. Not only is it easy to access cybercriminal tools, services and expertise: it means enterprises and governments alike are going to see more sophisticated, costly and disruptive attacks as The Web of Profit continues to gain momentum. We can’t solve this problem using old thinking or outmoded technology. It’s time for new approaches.”
Revenue Generation In The Hyper-Connected Web Of Profit
Conservative estimates in The Web of Profit research show cybercriminal revenues worldwide of at least $1.5 trillion – equal to the GDP of Russia. In fact, if cybercrime was a country it would have the 13th highest GDP in the world. This $1.4 trillion figure includes:
- $860 billion – Illicit/illegal online markets
- $500 billion – Theft of trade secrets/IP
- $160 billion – Data trading
- [EDITOR’S NOTE: they did not include the USD $37 billion online fraudFraud In law, fraud is intentional deception to secure unfair or unlawful gain (money or other assets), or to deprive a victim of a legal right. Fraud can violate civil law (e.g., a fraud victim may sue the fraud perpetrator to avoid the fraud or recover monetary compensation) or criminal law (e.g., a fraud perpetrator may be prosecuted and imprisoned by governmental authorities), or it may cause no loss of money, property, or legal right but still be an element of another civil or criminal wrong. The purpose of fraud may be monetary gain or other benefits, for example by obtaining a passport, travel document, or driver's license, or mortgage fraud, where the perpetrator may attempt to qualify for a mortgage by way of false statements. A fraud can also be a hoax, which is a distinct concept that involves deliberate deception without the intention of gain or of materially damaging or depriving a victim. market]
- $1.6 billion – Crimeware-as-a-Service
- $1 billion – RansomwareRansomware Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies that are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Ransomware attacks are typically carried out using a Trojan virus disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.
The report finds evidence that cybercrime revenues often exceed those of legitimate companies – especially at the small to medium enterprise size. In fact, revenue generation in the cybercrime economy takes place at a variety of levels – from large ‘multi-national’ operations that can make profits of over $1 billion; to smaller SME style operation where profits of $30,000-$50,000 are the norm. However, the report asserts that comparing cybercrime to a business is misleading. Cybercrime is more accurately described as an economy: “a hyper-connected range of economic agents, economic relationships and other factors now capable of generating, supporting, and maintaining criminal revenues at an unprecedented scale,” says Dr. Michael McGuire.
The report suggests that there is now a growing interconnectedness and interdependence between both the illegitimate and legitimate economies. This inter-dependence is creating what Dr. McGuire terms ‘The Web of Profit’. Dr. McGuire argues that “companies and nation states now make money from The Web of Profit. They also acquire data and competitive advantages from it, and use it as a tool for strategy, global advancement and social control. There is a range of ways in which many leading and respectable online platforms are now implicated in enabling or supporting crime (albeit unwittingly, in most cases).”
Platform Criminality In A Post-Crime Era
Platform capitalism – a term used to describe the likes of Uber, Facebook and Amazon – is offering fertile ground for hackers to further their gains. Whether by hacking companies to acquire user data; intellectual property; disseminating malware; selling illegal goods and services; setting up fake shop fronts to launder money; or simply connecting buyers and sellers, it is evident that cybercriminals are adept at manipulating existing platforms for commercial gain. Yet beyond platforms being the targets and unwitting enablers of cybercrime, the report suggests they have provided inspiration – as a model of platform criminality emerges.
According to Dr. McGuire, “this is creating a kind of ‘monstrous double’ of the legitimate information economy – where data is king. The Web of Profit is not just feeding off the way wealth is generated there, it is reproducing and, in some cases, outperforming it.” The report points to the success of modern ‘platforms’ – companies like Facebook, Google and Amazon – highlighting their role as facilitators rather than creators. “The main contribution of platforms is to connect individuals with a service or product. The platforms produce nothing themselves in this process, but the end-user consumers provide platforms with the most precious of all commodities within an information-based economy – their data. We are now seeing the same thing in the cybercriminal underworld,” states Dr. McGuire.
The report shows that cybercriminal platform owners are likely to receive the biggest benefit from this new wave of cybercrime, and that the owners will distance themselves from the actual commission of crime. In fact, it has been estimated individual hackers may only earn around $30,000 per year. Managers can earn up to $2 million per job – often with just 50 stolen card details at their disposal. Dr. McGuire refers to this as a shift to ‘post-crime’ reality, where cybercriminals are taking a ‘platform capitalism’ approach to selling, rather than committing crime.
In fact, McGuire found criminal sites offering ratings, descriptions, reviews, services, and even technical and customer support. These platforms are improving the criminal ‘customer experience’ and allowing easy access to services and products that support the commission of crime on a global scale. Some examples of services and products include:
- Zero-day Adobe exploits, up to $30,000
- Zero-day iOS exploit, $250,000
- Malware exploit kit, $200-$600 per exploit
- Blackhole exploit kit, $700 for a month’s leasing, or $1,500 for a year
- Custom spywareSpyware A type of malware installed on computers or cellphones to track your actions and/or collect information without your knowledge. Some spyware can change computer settings for pharming redirection., $200
- SMS spoofingSpoofing Spoofing occurs when a caller maliciously transmits false caller ID information to increase the likelihood that you'll answer. Scammers often spoof local numbers, private companies, government agencies and other institutions. It can also apply to pretending to be an email address, or through other media. service, $20 per month
- HackerHacker A computer hacker is a computer expert who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term hacker has become associated in popular culture with a security hacker – someone who utilizes their technical know-how of bugs or exploits to break into computer systems and access data which would otherwise be unavailable to them – hacking can also be utilized by legitimate figures in legal situations. For example, law enforcement agencies sometimes use hacking techniques in order to collect evidence on criminals and other malicious actors. This could include using anonymity tools (such as a VPN, or the dark web) to mask their identities online, posing as criminals themselves. Likewise, covert world agencies can employ hacking techniques in the legal conduct of their work. Oppositely, hacking and cyber-attacks are used extra- and illegally by law enforcement and security agencies (conducting warrantless activities), and employed by State actors as a weapon of both legal and illegal warfare. for hire, around $200 for a “small” hack
These platforms fuel industrial scale revenue generation, with their own sets of digital currencies and exchanges, production zones, tools supply, technical support, global distribution mechanism and marketplaces. They deal with specialized producers, suppliers, service providers and consumers. Interestingly, advertising is a core revenue generator too: before being taken down in 2016, the ‘Kickass Torrents’ platform was worth over $54 million, with estimated $12.5-$22.3 million annually in ad revenue alone.
Reinvestment And Furthering Of Crime
As in the legitimate economy, criminal enterprises are going through digital transformation and diversifying into new areas of crime. Cybercriminals were found to be reinvesting 20% of their revenues into further crime, which suggests up to $300 billion is being used to fund future cybercrime and other serious types of crime – including drug manufacturing, human trafficking or terrorism.
For example, the takedown of Alphabay – one of the largest dark webDark Web This is a sub-level of the internet that normal search engines and everyday browsers cannot access. It’s an encrypted network that contains websites – both legal and illegal – that remain hidden from plain sight. online markets – revealed that in addition to more than 250,000 listings for illegal drugs, there were also listings for toxic chemicals, firearms, counterfeit goods, malware, and over 100,000 listings for stolen and fraudulent identification documents and access devices. This demonstrates that platform criminality can easily adapt to include other areas of crime.
The report identifies the development of cybercrime growth cycles, where money generated from cybercrime is being reinvested into further crime. Many of the larger cybercrime operations which have been detected typically reinvest revenues into expanding and developing the operation – for instance buying more crimeware, maintaining a website, paying mules, or other criminal requirements. Reinvestment also includes spending money to support other types of crime.
Dr. McGuire continues: “We can clearly link cybercrime to the spread of new psychoactive substances with over 620 new synthetic drug types on the market since 2005. Many substances of this kind are manufactured in China or India, purchased via online markets, then shipped in bulk to Europe. But there is also evidence that groups who acquire revenues from cybercrime are involved in the active production of drugs. For example, the arrest of a Dutch money launderingMoney laundering Money laundering is the illegal process of concealing the origins of money obtained illegally by passing it through a complex sequence of banking transfers or commercial transactions. Money laundering can be done through various mediums, leveraging a variety of payment vehicles, people and institutions. gangGang A gang is normally a group or society of associated criminals with a defined leadership and internal organization that identifies with or claims control over a territory or business practice in a community and engages, either individually or collectively, in illegal, and possibly violent, behavior. Online gangs are not limited by territory and may operate side by side with other gangs while engaging in crime online. Some members of criminal gangs are initiated (by going through a process of initiation), or have to prove their loyalty and right to belong by committing certain acts, usually theft or violence, or rituals. Gangs are usually rougher and more visible than scammer cartels, and more often arrested. also led to the discovery of ingredients they possessed to make ecstasy – further highlighting a material link between cybercrime actives and organized crime activities.”
The report also points to the fact that platform criminality is contributing to the issue of human trafficking. McGuire continues, “pimps frequently use the internet as a tool for gathering revenues from clients and workers, and then recycle this back into the logistics (and costs) of trafficking victims from target locations with economically vulnerable populations.”
Dr. McGuire also found a connection between cybercrime and terrorism. The report highlights one case where cybercrimesCybercrimes Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks. were committed specifically to generate revenues for terrorist activities. “One British-born follower of Al Qaeda, who provided technical assistance to the terror group in relation to uploading videos, quickly realized that his technical skills could also be used to commit cybercrimes,” McGuire explains. “He began to acquire stolen credit card numbers through transactions on online forums, such as Cardplanet, gathering over 37,000 separate card data files and generating more than $3.5 million in revenues.”
“This new cybercrime economy has created new digital businesses, making it even easier to conduct cyberattacks,” said Gregory Webb, CEO of Bromium. “The walls between the criminal and legitimate worlds are blurring, and we are no longer simply dealing with ‘hackers in hoodies.’ We have to understand and tackle the underlying economic ecosystem that enables, funds and supports criminal activity on a global scale to stem the tide and better protect ourselves. By better understanding the systems that support cybercrime, the security community can better understand how to disrupt and stop them. New approaches to cybersecurity will be required.”
The Web of Profit report is available to download here (Bromium.com/cybercrime). The findings will also be discussed during the RSA Conference in San Francisco. Dr. McGuire will present the full findings during his speaker slot on April 20th from 09:00-09:45 AM on the Security Mashup track – code MASH-F01.
Into the Web of Profit is a nine-month academic study by Dr. Mike McGuire, Senior Lecturer in Criminology at Surrey University. It draws from first-hand interviews with convicted cybercriminals, data from international law enforcement agencies, financial institutions, and covert observations conducted across the Dark Web.
About Bromium, Inc.
Bromium protects your brand, data and people using virtualization-based security via application isolation. We convert an enterprise’s largest liability – endpoints – into its best defence. By combining our patented hardware-enforced containerization to deliver application isolation and control, with a distributed Sensor Network to protect across all major threat vectors and attack types, we stop malware in its tracks. Unlike traditional security technologies, Bromium automatically isolates threats and adapts to new attacks using behavioural analysis and instantly shares threat intelligence to eliminate the impact of malware. Bromium offers defence-grade security and counts a rapidly growing set of Fortune 500 companies and government agencies as customers.
About Dr. Mike McGuire
Dr. Michael McGuire joined the Department as Senior Lecturer in Criminology in September 2012. Dr. McGuire read Philosophy & Scientific method at the London School of Economics where he acquired a first-class BSc Econ and he completed his Ph.D., at Kings College London. He has subsequently developed an international profile in the study of technology and the justice system and has published widely in these areas. Contact: email@example.com
 Some caution is required in extrapolating these totals based on the sample interviewed. Given the possibility of sample bias in the types of offences cybercriminals interviewed were responsible for, it cannot be automatically assumed that cybercriminals involved in other kinds of offending would spend in the same way. More data would be required to be able to firm up these assumptions. However, even as a preliminary observation there are clearly some significant conclusions about the impact of cybercrime revenues upon cybercrime activity. It is to be hoped that by acquiring more data of this kind further researchers will be able to develop such inferences with greater precision.
WESTERN UNION REPAYMENT PROGRAM NEWS
FOR THE LATEST INFORMATION ABOUT THE WESTERN UNION REPAYMENT / REMISSION PROGRAM CLICK HERE – IT IS STILL OPEN FOR A PETITIONS FOR REPAYMENT
– – –
Tell us about your experiences with Romance Scammers in our Scams Discussion Forum on Facebook »
FAQ: How Do You Properly Report Scammers?
It is essential that law enforcement knows about scamsScams A Scam is a confidence trick - a crime - is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost. & scammers, even though there is nothing (in most cases) that they can do.
Always report scams involving money lost or where you received money to:
- Local Police – ask them to take an “informational” police report – say you need it for your insurance
- Your National Police or FBIFBI FBI - Federal Bureau of Investigation The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, the FBI is also a member of the U.S. Intelligence Community and reports to both the Attorney General and the Director of National Intelligence. A leading U.S. counter-terrorism, counterintelligence, and criminal investigative organization, the FBI has jurisdiction over violations of more than 200 categories of federal crimes, including financial fraud. (www.IC3.gov)
- The ScarsSCARS SCARS - Society of Citizens Against Relationship Scams Inc. A government registered crime victims' assistance & crime prevention nonprofit organization based in Miami, Florida, U.S.A. SCARS supports the victims of scams worldwide and through its partners in more than 60 countries around the world. Incorporated in 2015, its team has 30 years of continuous experience educating and supporting scam victims. Visit www.AgainstScams.org to learn more about SCARS. Worldwide Reporting Network HERE or on www.Anyscam.com
This helps your government understand the problem, and allows law enforcement to add scammers on watch lists worldwide.
Visit our NEW Main SCARS™ News & Information Facebook page for much more information about scams and online crime: www.facebook.com/SCARS.News.And.Information
To learn more about SCARS visit www.AgainstScams.org
Please be sure to report all scammers HERE or on www.Anyscam.com
All original content is Copyright © 1991 – 2018 SCARS All Rights Reserved Worldwide & Webwide – RSN/Romance Scams Now & SCARS/Society of Citizens Against Romance Scams are all trademarks of Society of Citizens Against Romance Scams Inc.
Reporting Scammers, Arrest Scammers, AVOID SCAMS, ROMANCE SCAMS, NIGERIAN SCAMMERS, ROMANCE SCAMS NOW, GHANA SCAMMERS, FAKE PROFILES, FACEBOOK SCAMMERS, BOYCOTT AFRICAN COFFEE