Don't become a cybercriminal: it's boring

We, like many of you, read dozens of English-language texts for work. Some of them are so interesting that we want to share them. We decided to publish translations from time to time; they may be useful to someone.



Let's start with an article by Brian Krebs from the Krebs on Security blog. He studied a 25-page paper from the University of Cambridge Cybercrime Center on what hackers' work mostly consists of and how attractive it really is. The text is given with minor abridgements that do not affect the meaning. The article helps to take off the "rose-colored glasses" when looking at the world of cybercrime.






Alexey Drozd (aka labyrinth), the head of our information security service, added his own remarks and comments along the way. After all, although cybercrime is not limited to individual countries, there are still differences on different sides of the ocean. You can expand or hide the remarks to read only the translation of the original text.



When law enforcement reports the arrest of a cybercriminal, the defendant often appears to be a daredevil who runs a complex but lucrative and exciting business. But modern cybercriminals increasingly work for customers. As a result, most of a cybercriminal's time goes to tedious and boring work: providing customer service and technical support. These are the conclusions of researchers at the Cybercrime Center at the University of Cambridge.



Excuses from hackers
telegra.ph/YA-ne-specialno-Kakie-otmazki-hakerov-mogut-srabotat-v-sude-08-03



Their paper examines the amount and quality of work that cybercriminals have to maintain. In particular, the researchers focused on how criminals who sell botnet creation services, custom-made malware, DDoS attacks and so on operate. To do this, they interviewed current and former hackers and studied messages on underground forums and chats.




The textbook stock image of a hacker. Hackers are portrayed as mysterious heroes. In reality, these are people who lead a boring office life.



Romantic descriptions of cybercriminal activity ignore the mundane, mindless work that must be done to support the illegal online economy. Meanwhile, most of the people involved in criminal schemes do exactly that: boring office work, no more exciting than what legitimate system administrators do.



See for yourself
2012 Citadel, .



Citadel — -. Citadel CRM Store, :



  • - ;
  • ( );
  • , / , - ;
  • ;
  • , , ;
  • jabber- , /.


, «» . , , , : .



Richard Clayton, co-author of the report and director of the Cambridge Cybercrime Center, believes politicians and law enforcement are doing themselves a disservice by issuing press releases about investigations into sophisticated and advanced criminals.



“When people are interested in cybercrime, they want to learn about rock stars and exciting high-paying jobs. In fact, most people involved in cybercrime do something very different,” Clayton tells KrebsOnSecurity.



Indeed,
2014 « . », . , . – . «» , , . 327 2019 70% -. .



Quote from a study by the University of Cambridge Cybercrime Center:



« , , – , . . . . , , .



, . . , - . , , , . - , ».




The lifespan of an underground service depends on its reputation, which rests on reliability, efficiency, quality of customer service and speed of response to customer requests. As a result, these services typically require a significant investment in the staff needed to run customer support (via tickets or live chat), to resolve payment issues, or to teach customers how to use the service.



I am reminded of the initiative of a very large drug sales platform.
- . , (, ). , «».



In one of the interviews, a former support administrator described how tired he was of working with clients who considered it normal to put all the hard work of the service on him.



From the interview:

“After a year of such work, I lost all motivation, I didn't care anymore. So I just left and started living a normal life. Creating a service (originally booter service aka “stresser”) is not difficult. It is difficult to ensure its performance. You have to put in all your efforts, all your attention. You have to sit in front of a computer screen, scan, filter, then filter - and so 30 times for 4 hours. It pisses me off.”


The researchers note that burnout is a common problem for customer service personnel, “characterized not so much by the gradual withdrawal from a once interesting activity, but by an increase in boredom and frustration as soon as the low social and financial ceiling of this work is reached”.



Besides,
. , .



Capricious clients



Developers, too, find themselves quickly overwhelmed with customer requests and negative reviews for any failure, even if the service generally works well.



A vivid illustration of how developers become hostages of this situation is the story of the infamous ZeuS Trojan, a powerful piece of password-stealing software that was used to steal hundreds of millions of dollars from companies. It is believed that the malware author quit his job and released the source code mainly in order to focus on less tedious work than supporting hundreds of clients. Incidentally, by opening the code, he spawned an entire malware-as-a-service industry.



The ZeuS experience may not be the best example. The owner's desire to get away from supporting hundreds of customers led him to focus his attention and resources on creating a much more complex piece of malware, GameOverZeus.



The story of Marcus Hutchins is similar. He told Wired that he “quickly got bored with his botnets and hosting services, which required a lot of 'naughty customers' to communicate with”. He therefore chose to concentrate his efforts on something he liked much more: improving his own malware. Clayton from Cambridge and his colleagues argue that the last two examples are the exception rather than the rule, and that ordinary hackers have to keep slogging away.



An illustrative example is the Cerberus banking malware.
. : , , . APK, , «» .



, : -, Cerberus, , . , , .






Boredom that kills interest



Researchers point to an often overlooked factor in the fight against cybercrime: making the job of cybercriminals as laborious and boring as possible. Taking down domain names and other infrastructure makes more sense than just catching up. Yes, attackers simply move the infrastructure and keep working, but this creates constant tedious work for them.



In the paper, the researchers add the caveat that, in speaking of the "boredom" of low-skilled underground work, they do not want to cast a shadow on the value and importance of the work of system administrators employed legitimately. The knowledge and skills of these two groups of people cannot be compared.



Because it's not just boredom
. , , , , . , . , \ – 50% . , . , . . «», . , , , , .



The authors believe that the wording of press releases and of statements by law enforcement agencies and politicians should change. At present they emphasize that criminal behavior is harmful and dangerous, that this activity requires a high level of technical skill, and that there is a lot of money in it but also a high risk of detection, arrest and prosecution. All this only fuels the aspirations of those working in the illegal sector of the economy. Conversely, messages that emphasize that the job is tedious, low-skilled and poorly paid may influence those in the criminal subculture.



In addition, messages highlighting the shortage of sysadmins and pen testers in legitimate businesses (“you can do the same in the legal field and get good money”) can demonstrate that the desired experience can be obtained in a more prosaic way, without diving into illegal activity.



And not only experience.
. . , -. « » «» .



The research itself is available here


