Academic study reveals just how lucrative cyber crime can be, with top-level cyber criminals out-earning government leaders and university graduates.
Cyber criminals are acquiring, laundering, spending and reinvesting about $1.5tn in profits a year, research has revealed.
Mid-level cyber criminals make up to $900,000 (£639,000), which is more than double the US president’s salary, while entry-level cyber criminals make about $42,000 (£30,000), which is significantly more than the average UK graduate, the research noted.
The findings on how much cyber criminals earn from their illegal activities and what they spend their profits on are part of an 11-month study into the macro economics of cyber crime and how the various elements link together. It has been led by Michael McGuire, senior lecturer in criminology at Surrey University.
The report highlights how cyber crime has become a booming economy, and reveals cyber criminal links to drug production, human trafficking and even terrorism.
The use of ransomware, crime-as-a-service, data theft, illicit online marketplaces and trade secret/IP theft are helping cyber criminals generate huge revenues with relative ease, the report said.
The research also revealed that there are large organisations in the burgeoning cyber crime economy that closely match the structures and business plans of companies such as Uber, AirBnB, Facebook, Twitter and WhatsApp.
These platform owners are acting more like service providers than criminals, leading to a shift from those who commit crime to those who enable and profit from it, the report said.
“Cyber crime is a lucrative business, with relatively low risks compared to other forms of crime,” said Bromium CIO Gregory Webb.
“Cyber criminals are rarely caught and convicted because they are virtually invisible. As criminals further monetise their business, allowing anyone to buy pre-packaged malware or hire hackers on demand, the ability to catch the kingpins becomes even more challenging.”
According to Webb, the cyber security industry, business and law enforcement agencies need to come together to disrupt cyber criminals and cut off their revenue streams. “By focusing on new methods of cyber security that protect rather than detect, we believe we can make cyber crime a lot harder,” he said.
Data gathered by the research team through first-hand interviews with 100 convicted or currently engaged cyber criminals, law enforcement agencies and financial institutions, combined with dark web investigations, reveals that 15% of cyber criminals spend most of their money on immediate needs, such as paying bills.
One-fifth of cyber criminals focus their spending on drugs and prostitution, 15% spend to attain status or impress, but 30% convert some of their revenue into investments. Some 20% spend at least some of their revenue on reinvestments in further criminal activities, such as buying IT equipment.
The proceeds of cyber crime fuel other crimes, such as terrorism and human trafficking, the report said, much like a legitimate business reinvests profits to expand while also contributing towards core philanthropic values.
The research showed that cyber criminals are reinvesting their money to grow their own business, but also to promote other types of crime. Terrorism, human trafficking, drugs manufacturing and firearms trading have all been beneficiaries of cyber crime.
The report noted there is a growing market catering to cyber criminals by allowing them to buy things with virtual currency. Sites such as White Company, Bitcoin Real Estate and de Louvois offer luxury products priced in bitcoin, which is becoming a concern for financial analysts, the report said.
“The range of spending habits among cyber criminals is fascinating,” said McGuire, who will present the full findings of the Web of profit study at the RSA Conference in San Francisco from 17-19 April.
“A lot of cyber criminals spend their money on increasing their status, whether that be with peers or romantic interests.
“One individual in the UK, who made around $1.7m (£1.2m) per year, spent huge amounts of money on a trip to Las Vegas, where he claimed to have gambled $40,000 and spent $6,000 hiring sports cars so that they could ‘arrive in style’ at casinos and hotels.
“Another UK cyber criminal funnelled his proceeds into gold, drugs, expensive watches and spent £2,000 a week on prostitutes. It’s alarming how easily cyber criminals are able to spend their illicit gains. There is an ever-growing market that is almost tailor-made for cyber criminals to make these ostentatious purchases with little to no regulation or oversight.”
Other, previously released findings from the report revealed that cyber criminals are using a combination of new cryptocurrencies, gaming currencies and micro-payments to launder up to $200bn in ill-gotten gains.
According to McGuire, the report’s aim is to examine revenues to gain a true picture of cyber crime, to help the cyber security industry and law enforcement identify opportunities to disrupt cyber criminal revenues and prevent social harm.
Published in Computer Weekly.
WASHINGTON (Reuters) – The U.S. Justice Department announced one of its largest-ever takedowns of a global cyber crime ring on Wednesday, saying it had indicted 36 people accused of trafficking in stolen identities and causing more than $530 million in losses to consumers.
The cyber crime network, operating as an online discussion forum known as “Infraud,” ran a sophisticated scheme that facilitated the purchase and sale of Social Security numbers, birthdays and passwords that had been stolen from around the world, the department said.
The group worked under the slogan “In Fraud We Trust” and was created in 2010 by Svyatoslav Bondarenko, a 34-year-old Ukrainian, according to the indictment.
In launching it, the indictment alleges he referred to online forum as a “comfortable and safe” place to “bring together professional people for who carding and hacking become a lifestyle.”
He created a hierarchy within the organization, and vetted proposed advertising on the site for stolen wares. He also banned members from buying or selling stolen devices or other items that belonged to Russian victims, according to the indictment.
In addition to facilitating the sale of stolen information, the network also provided an escrow account people could use to launder their proceeds using digital currencies including bitcoin, Liberty Reserve, Perfect Money and WebMoney. That service was run by Sergey Medvedev, a cofounder of the Infraud site, according to the indictment.
Of the 36 people indicted, Justice Department officials said that 13 have been arrested in the United States, Australia, the United Kingdom, France, Italy, Kosovo and Serbia.
They face charges that include identity theft, bank fraud, wire fraud and money laundering.
The other defendants remain at large and the investigation is still ongoing, Deputy Assistant Attorney General David Rybicki told reporters on a conference call.
“Today marks a significant step in the battle against transnational cyber crime,” he said.
The indictment said that among the stolen items advertised were 795,000 HSBC bank logins, dozens of PayPal logins and credentials, and credit card numbers. Users could also use the site to advertise malware for sale.
In April 2016, the department alleges, Medvedev took over as the “admin and owner” of the site, after he posted on a note online saying that Bondarenko had gone missing.
Reporting by Sarah N. Lynch and Doina Chiacu; Editing by David Alexander and Matthew Lewis