Threat Management, Black Hat

Cybercrime is full of nine-to-fivers, short on masterminds


Think of a cybercriminal. Let's call the cybercriminal Kelsey.

Does Kelsey think about being a criminal? Does Kelsey think it's cool? Does Kelsey have a novelty license plate that says HACK CAR?

Now think about a clerk at a grocery store or whoever it is who writes greeting cards, or someone else with an average job. Let's call the normal worker Alex. Is the clerk in it for the love of the groceries? Does the greeting card writer genuinely care whose birthday it is? Is Alex more interested in what the job is or is Alex just showing up to work to get a paycheck?

Cybercrime is not all Kelsey. Cybercrime is mostly Alex. At least, that is the finding of a research team from GoSecure, Secureworks, the Czech Technical University in Prague and Cisco.

At a Wednesday Black Hat talk, the team presented on what they are calling the "mass effect" - the large number of people hired for mundane traditional jobs to keep a crime operation afloat. Think of the web designer who makes the sales site to license ransomware affiliates.

"As security people, we usually do not think about them," said Sebastian Garcia, an assistant professor at the Czech Technical University specializing in malware research who worked on the project, speaking to SC Media ahead of the conference. "We have in our minds the cybercriminal, right, the guy that has a Ferrari or is the kingpin of the spam war or whatever. But for every one of them, there may be a mass of 1000s of people supporting the industry."

The team compared problems that support staff asked for help with in private cybercrime-focused forums during specific timeframes with similar posts on a large public forum where around 500,000 mostly above-board technical workers asked for community help. They found, conservatively, that 7% of the posters in the forum during those timeframes were working as criminals.

The researchers noticed that many of the criminal support workers drifted in and out of crime, acting less like devoted criminals and more like technical contractors looking for their next gig.

"This is something that we see a lot in criminology, too. The masterminds in the drug trade are not representative of the people who will get to prison. What you find instead are the soldiers who sell on street corners are the ones who get caught," said Masarah Paquet-Clouston of GoSecure, who headed the project. Paquet-Clouston, in addition to her role at GoSecure, is a doctoral candidate in criminology.

That could be particularly useful in diverting people away from crime, she said.

"Maybe there's a way for us to pull them out of that opportunity and drift them back into better, legitimate opportunities."

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.
