NESTA Crime Online - University of Brighton Repository

More documents

Recommendations

Info

The trend towards the development and marketing of user-friendly tools for criminal exploitation is rapidly developing into crimeware-as-a-service (CaaS, see below). The emergence of crimeware as a service releases criminals from having to deal with the technical challenges of cybercrimes. Some of these services include crimeware toolkits. As noted above, these provide readymade tools for criminals to gather and sort out the data stolen, minimising the necessary coding skills to operate them. 211 The director of security strategies from a large IT multinational said “for subscriptions starting as low as $20 per month, such enterprises sell "fully managed exploit engines" that spyware distributors and spammers can use to infiltrate systems worldwide. 212 It is likely that CaaS will increasingly hamper the ability of law enforcement to track malicious hackers. One respected commentator has argued that the virtual relationships within online communities “[…] encourage the social deskilling of the individual through the specialisation and compartmentalisation of interactions.” 213 However, the examples presented above suggest both increasing acquisition of technical skills and deskilling, depending on the type and activity of cybercrime. Consequently, capability is being spread across a dramatically increasing range and number of users. Highly capable cybercriminals are developing skills that will harvest data worth vast sums of money. However, a barely capable but dogmatic cybercriminal can still make an effective living with a small investment of funds and limited computer literacy. The cybercriminal ecosystem frames the environment in which networks of criminals specialise, cooperate and compete with the ultimate goal of generating an illicit profit. Their interconnection and dependence means that to pursue their individual interests, they need to became part of value chains, where different actors specialise, link and upgrade, driven by innovation. A wide variety of actors participate in the cybercrime 211 Finjan, (2008): Web Security Trends Reports, Q1. 212 Gunter Ollman quoted at: www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=90 15588. 213 Wall, D. (2007), Cybercrime: The Transformation of Crime in the Information Age, Polity Press, UK, p.33. Page 72
ecosystem at various levels, creating different business models. Some of these are explored below. 2.3 Cybercrime business models Mimicking legitimate commercial businesses, cybercriminals in the underground economy operate on a free market principle applying principles such as volume discounts, commissions and pay as you go services. The third component of the cybercrime digital ecosystem is that of business models. The position of firms and their activities in the value chain helps determine how it approaches business and generates a profit; all definitions of business models emphasise how firms make money. Business models have the added attraction of being potentially comparable across industries. Therefore, for this study, business models will refer to the way in which different cybercriminals specifically generate revenue, and the nature of the arrangements they have with their suppliers and customers in the value chain. Suppliers and customers will vary depending on the activity in question. For instance in ‘infection and distribution’ malware writers would be the suppliers of malware to their customers, the botnet owners. However, in ‘exploitation’ activities, botnet owners may supply buyers with stolen credit card details. In any given industry, the methods of doing business may vary between actors and over time. Alternative ways of conducting business can arise and change with new technologies, market opportunities and competition. There has been much speculation about the level of organisation and professionalism of cybercriminal organisations. While too little is known about the types of business models that operate in the underworld, we do know that all cybercriminals want to make money. We also know that every business model has its own inherent strengths and weaknesses. This section intends to categorise business models in cybercrime to establish a base from which to examine their potential weaknesses. While some models are quite simple, other can be more intricately woven. This preliminary study has identified three predominant business models that are briefly introduced below: off-line business models, Internet-based business models and hybrid models (combining the other two). Since most cybercrime activities take place online, Internet-based examples are more numerous. However, a significant component of Page 73
Page 1 and 2:
Research report: July 2009 Crime on
Page 3 and 4:
‘official’ statistics exist yet
Page 5 and 6:
Dynamic Capabilities The second com
Page 7 and 8:
economics (finance, micro-, macro-)
Page 9 and 10:
2.3 Cybercrime business models 73 2
Page 11 and 12:
we focus on financial cybercrime. O
Page 13 and 14:
measure all other statistical outpu
Page 15 and 16:
fraud. Their methodology is still b
Page 17 and 18:
opportunity for online theft of cre
Page 19 and 20:
However, the recent increase in fra
Page 21 and 22: penalties for those who make fraudu
Page 23 and 24: Source: Elaborated from CIFAS onlin
Page 25 and 26: The rise of online and telephone ba
Page 27 and 28: ecruitment marketplace for cybercri
Page 29 and 30: Figure 6: Origin and destination of
Page 31 and 32: corporate blackmail, spam attacks a
Page 33 and 34: Nigerian criminal gangs in North Am
Page 35 and 36: the fastest growing segments. Howev
Page 37 and 38: 2 Digital ecosystem Innovation stud
Page 39 and 40: A digital business ecosystem is one
Page 41 and 42: actors, which are increasingly dist
Page 43 and 44: Figure 8: The cybercrime value chai
Page 45 and 46: tool is used by security and networ
Page 47 and 48: writers do not necessarily know how
Page 49 and 50: conceal this. Third, the device con
Page 51 and 52: Fraud on fraudster The most recent
Page 53 and 54: and facilitated by an explosion in
Page 55 and 56: The Storm botnet case study: the su
Page 57 and 58: accelerating on a monthly basis. Wi
Page 59 and 60: improvement and the introduction of
Page 61 and 62: that employees are more concerned a
Page 63 and 64: origin or signature or a presence o
Page 65 and 66: few simple words and a web link, wh
Page 67 and 68: web 2.0 sites (such as, social netw
Page 69 and 70: Source: John Leyden, “Trojan traw
Page 71: Cybercriminals find e-gold a conven
Page 75 and 76: expertise they need to perpetrate o
Page 77 and 78: are often offered for bulk purchase
Page 79 and 80: Crimeware-as-a-Service (CaaS): Para
Page 81 and 82: no dominant force. Unlike tradition
Page 83 and 84: is taken, priority is understandabl
Page 85 and 86: particularly good one, since consta
Page 87 and 88: outreach needs to be evaluated to e
Page 89 and 90: some of these firms may have adopte
Page 91 and 92: esilience must now surely be of con
Page 93 and 94: 7) Click fraud: also called pay-per
Page 95 and 96: 20) Pharming: is a scamming practic
Page 97: Acknowledgements Numerous people as
show all

NESTA Crime Online - University of Brighton Repository

Create successful ePaper yourself

Delete template?

Save as template?