“Focusing on the boring nature of this work (and making it more boring by taking down illicit servers and complicating this administrative work in other ways) might potentially encourage more of these people to leave the cybercrime industry prematurely.” “I think that for policymakers, one of the key points is that depicting ‘hacking’ as dangerous, risky, lucrative, and highly-skilled not only misses the point (as a lot of cybercrime relies more on boring administrative work) but also is potentially counter-productive, painting a glamorised picture of what is actually quite a dull and low-paid illicit industry,” Ben Collier, one of the report co-authors, told The Daily Swig. These platforms require a huge amount of administration to run, and at the lower levels, threat actors can be paid as little as $20 per month for screening, curation, and user management, they found. In the third case study, the team examined purpose-built illicit infrastructure, including underground forums and marketplaces. This market requires skilled operators to change the malware’s code depending on often low-skill client specifications in which code creation and maintenance, as well as providing constant customer support, can take its toll. After the source code of Zeus was leaked in 2011, operators began offering subscription-based access in return additional functionality and customization. The second case study focuses on the Zeus banking trojan. RELATED Sophisticated botnet feasts on old vulnerability to exploit content management systems “Running a booter service often requires substantial investment in customer support work, through a ticketing system or a realtime chat service, when issues arise with payments or with customers failing to understand how to use the service,” the team noted. Capacity can be sold as a booter service, but as botnets have increased in scope, so has competition. The first illicit infrastructure explored was botnets – networks of compromised, slave devices that can be commanded to perform DDoS attacks. The research is based on interviews conducted with service operators and ‘staff’, existing case studies, and information scraped from online forums. In a research paper (PDF), academics Ben Collier, Richard Clayton, Alice Hutchings, and Daniel Thomas describe three ‘cybercrime-as-a-service’ case studies and how they might lead to crooks exiting the cybercrime scene. ‘Unglamorous and tedious’Īccording to Cambridge University’s Cybercrime Center and the University of Strathclyde, running bulletproof hosting services, operating botnets, or maintaining Distributed Denial-of-Service (DDoS), and stresser services is “unglamorous and tedious work”, with burnout, boredom, and low pay all commonplace. However, in the same way that terrorists need to micromanage the mundane aspects of their affairs, cybercriminals have to keep a handle on the less glamorous side of their nefarious activities – often characterized by tedious tasks, repetition, and low pay, academics have found. High-profile cyber-attacks, such as the 2017 WannaCry ransomware outbreak, 2014 Sony hack, or this year’s compromise of celebrity Twitter accounts to tout cryptocurrency scams, can lend cybercriminality a certain antihero cachet. Those who enter the cybercrime space in anticipation of having an exciting, lucrative career are likely to be disappointed with the more humdrum reality, new research suggests. Life on the wild side is often tedious, repetitive, and not altogether lucrative
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |