Google looks to raise the cost of being a cybercrimal
Google is teaming up with industry researchers to study attacking cybercrime by hitting the bad guys where it hurts most, in the wallet.
Google is teaming up with industry researchers to study curbing cybercrime by hitting the bad guys where it hurts most, in the wallet, instead of simply building taller internet security walls around sensitive data.
A Google online security blog, written by Kurt Thomas and Elie Bursztein, Google Anti-Fraud and Abuse Research, noted that since internet crime is now part of a large, underground economy it is vulnerable to the same vagaries that plague any legitimate business.Primarily, keeping costs in line so profit can be maximized. To that end the Google team suggested criminal activity could be better controlled by forcing web-based crime syndicates to pay more for needed services.
“If we view this scenario in an economic light, then increasing the cost of fake accounts, phone numbers, or compromised websites cuts into the profitability of abuse. In the end, abuse propped up by cost-ineffective resources will crumble,” Thomas and Bursztein wrote.
Google argued that by going after this aspect of the problem it would break the current cycle of companies and consumers beefing up their defenses, which only forces the bad guys to find a new avenue of attack. After which they carry on as usual.
“To overcome this reactive defense cycle, we are improving our approach to abuse fighting to also strike at the support infrastructure, financial centers, and actors that incentivize abuse,” the blog said.
Google pointed to several instances that have helped boost the cost of doing business for criminals.
“By exploring the value chain required to bulk register accounts, we were able to make Google accounts 30–40% [sic] more expensive on the black market," the blog said. "Success stories from our academic partners include disrupting payment processing for illegal pharmacies and counterfeit software outlets advertised by spam, cutting off access to fake accounts that pollute online services, and disabling the command and control infrastructure of botnets.”