Canadian IT Blog

The Organizational Structure of Cybercrime

Written by Team CITI | August 13, 2019

Organized cybercrime has become a booming business. The use of ransomware, crime-as-a-service, surveillance, data theft, illicit online marketplaces and trade secret/IP theft is helping cybercriminals generate enormous revenues with relative ease and minimal risk.

It was only a matter of time before organized cybercrime became prevalent. Cybercriminals are acquiring, laundering, spending and reinvesting about $1.5 trillion in profits a year. According to research, the highest-earning cybercriminals are making up to US$2 million per year, while mid-level cybercriminals make up to US$900,000.

There are large organizations in the cybercrime economy whose structures closely match the structures and business plans of companies such as Uber, Airbnb, Facebook and WhatsApp. These platform owners are acting more like service providers than criminals. Today's cybercriminals are highly educated computer programmers who have decided to use their considerable skills unethically.

The report went on to say that cybercriminals are rarely caught because they are not visible. Monetizing their business has allowed anyone to purchase pre-packaged malware or hire hackers on demand. Compared to other forms of crime, cybercrime is a lucrative business with relatively low risks.

 

Beach Head

 

According to a top FBI security official, there are two types of organizations: those that have been breached and those that have not realized that they have been breached. Among those that have not yet realized that they have been compromised are those infected with beach head software.

Beach head software secretly installs itself and waits to be given instructions to do something. This software could lie dormant for years. This is a backdoor approach that the user is generally never aware of. Beach head software effectively gives cybercriminals the de facto ability to tamper with or explore the compromised system as they see fit. Cybercriminals will then sell beach head access to other cybercrime companies for them to exploit.

 

Manufacturing and Crime

 

Modern times have ushered in drastic changes in our security systems. Most fundamentally (and strikingly), we have replaced mechanical keys and locks with digital keys and locks. Just like old-fashioned keys, the circuitry in digital keys can be replicated. There are organized cybercrime companies operating factories for the sole purpose of developing digital keys for expensive models of cars and then selling these car keys. The cloning of these keys takes a high degree of technical sophistication and, strictly speaking, this is not an illegal endeavour. There is a big market for car keys for BMWs, Mercedes and other assorted high-end cars. Of course, the car cannot detect that it has been started by an illegal key. Next thing you know, your Maserati is gone in 5 seconds, and any witness to the car theft will not have registered anything out of the ordinary.

 

Cybercrime: Selling Access to Compromised Networks

 

The companies that establish backdoors to compromised networks sell that access in bulk, as a block of 100,000 companies. The purchase of a block of compromised networks might also include remote access capabilities, management interface capabilities, and other access capabilities. Many companies included in the block purchase may be of no interest to the purchasing cybercriminal organization, which may hang on to them or resell that access. However, 10% of the total could be of great interest to cybercriminal organizations. Once they take a close look at detection systems and backdoor opportunities, there may be some 50 to 100 valuable prospects out of 100,000. The high-value targets are then sold in small quantities or individually to cyberterrorists with political agendas or to common thieves.

 

 

Organized Cybercrime: Surveillance of Competition

 

The surveillance economy is enormous. Some surveillance is ethical while some is clearly not. The most powerful thing a compromised network can be used for is to surveil competition. If a party can stay undetected, they can watch what is going on for months or years. Imagine the competitive advantage a party could have if it were aware of its competition’s new products months before they launched. Big AI companies and data analytics companies are part of the surveillance economy.

All large software manufacturers create legitimate software applications that allow them to engage in the surveillance of their users. Microsoft has access to everything that users do on their computers, such as every website visited and every keystroke typed. Google is the world’s worst offender in terms of the surveillance economy and knowingly installs surveillance software. Google is literally a surveillance machine. Microsoft’s computer scientists are not quite as good at stealing data, but they are still trying.

Smart criminals are always the most successful criminals. However, unlike crimes from an earlier era, cybercrime requires a degree of technical sophistication that is generally only taught in colleges or universities. As a result, organized cybercrime entities are often indistinguishable in structure from legitimate corporations.

 

Businesses that do not properly protect themselves from cybercrime are at risk. Get in touch with CITI and we can craft a plan that includes anti-malware software and security awareness training for your staff.