It's not news that cybercrime is big business. Here's a telling statistic from a presentation by Lance Wolrab, senior security engineer with SecureWorks, at the SC Congress Data Security Conference and Expo on Wednesday: Bank robberies netted about $40 million worldwide last year. The Zeus group of malware alone raked in nearly $100 million.
 
What I hadn't realized is that cybercrime has matured to the point where it mimics the structure of Big Business. There are services online that amount to cybercrime ERP.
 
“Does anyone remember the early days of hacking? You actually had to know something,” Wolrab said. Now, not so much. PayPerInstall.org will deliver your virus on a per-machine basis (supply chain management and distribution). Virus Total will test your malware against 41 antivirus engines (QA). There are malware tech suppoprt sites with manuals, translation services, even referrals to hosts (the site even has weekly specials). One site features case studies and examples of what “affiliates” can expect to earn. You can rent a botnet for a certain window of time, just like a retailer might scale out its cloud services for the busy holiday season.
 
The one that floored me, though, was the MyLoader Botnet, which offers a reporting dashboard to monitor how many machines are infected and how much money your botnet is making you. It's business intelligence for cybercrooks.
 
The kicker: “Generally, it's not illegal,” according to Wolrab.
 
We are so far behind the curve legally that it's frightening.

Would you recommend this article?

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Previous articleWorking from home still a cultural issue
Next articleSC Congress cyber-attack demo, as it happened
Dave Webb
Dave Webb is a freelance editor and writer. A veteran journalist of more than 20 years' experience (15 of them in technology), he has held senior editorial positions with a number of technology publications. He was honoured with an Andersen Consulting Award for Excellence in Business Journalism in 2000, and several Canadian Online Publishing Awards as part of the ComputerWorld Canada team.