Cyber crime as a market
Is your smartphone spying on you?
Say “cyber crime market” to the average MBA in America and they probably think you mean the market for security solutions to prevent cyber crime. In Russia the term "cyber crime market" apparently means the amount of money to be made from cyber crime. In 2011, that amount was $12.5 billion according a report recently published by Moscow-based Group-IB. Their analysts concluded that about one third of that total was “earned” by Russian-speaking hackers, and about half of that was earned by hackers inside Russia.
If $12.5 billion sounds lower than some other numbers you have seen connected with global cyber crime that is probably because the other numbers relate to the cost of cyber crime. For example, last year Symantec put the direct cash costs of cyber crime, money stolen or spent resolving cyber attacks at $114 billion per year. That is shocking in itself but the $12.5 billion figure gives you an idea of how well-funded cyber criminals are. That funding is reflected in the increasing sophistication of attacks.
The Group-IB report breaks down the different types of cyber crime, based on Russian data, to show where how money is made. The biggest chunk comes from “online fraud” which is defined as online banking fraud, phishing attacks, and theft of electronic funds, including cashing services for stolen funds. That accounts for 41 percent of the total. The next largest slice of the pie (36 percent) comes from spam, defined as payment for sending spam and earnings from affiliate programs promoting the unlawful sales of drugs and counterfeit products.
Although the threat of DDoS attacks is one of the biggest IT nightmares, such attacks do not appear to be a big earner for the Russian cyber criminal, accounting for just six percent of the market. However, they may cost victims a lot more than that in terms of defensive measures and lost business. (Note that the Group-IB report defines the DDoS sector to include not only extortion but also payment for distributed denial-of-service as a service, in other words: DDoSaaS.)
The report also includes what you might call the “C2C market,” that is cyber crime to cyber crime, revenue from services that cyber criminals sell to each other, including “services for anonymization and sale of traffic, exploits, malware, and loaders.” That accounts for about 10 percent of the cyber crime pie.
All of which would be quite depressing to the law abiding citizen if it were not for continued progress in prosecuting the criminals. For example, last month the FBI removed one Russian from the cyber crime market when they arrested Petr Murmylyuk, aka “Dmitry Tokar,” 31, of Brooklyn, New York. He is a Russian National alleged to have colluded with other persons to steal from online trading accounts at Scottrade, E*Trade, Fidelity, Schwab, and other brokerage firms. The take? Approximately $1 million.
The scam? First create a collection of compromised and controlled brokerage accounts. Gain unauthorized access to online accounts, change the phone numbers and e-mail addresses on file to prevent notice of unauthorized trading from going to the victims. Then use those credentials to open accounts at other brokerages. Pay mules to create yet more accounts. Now use the victims' accounts to make unprofitable and illogical securities trades with the fraudulent accounts (think “short sales”) and transfer the proceeds to mule accounts for withdrawal.Unfortunately, even if Murmylyuk is convicted he faces no more than five years in prison and a $250,000 fine. Sadly, it will take a lot more than that to dissuade people from pursuing their slice of a $12.5 billion opportunity.