The FBI estimates that in 2005, US business lost on average $24,000 from computer-related crimes for a total cost of approximately $67 billion across the US economy. Moreover, the Department of Justice estimated that 3.6 million US households were attacked with a form of identity theft during the first six months of 2004. On average, each household lost $1,290 from each theft for an estimated national yearly total of $6.4 billion.
These numbers illustrate that there is an overwhelming amount of money to be made from illicit on-line activity. As a result, cyber criminals have adapted their tactics in an attempt to ensure continued access to these profits. Principal among these altered tactics are the use of smaller and less visible botnets, the targeting of rival cyber-criminal gang?s botnets, the targeting of commercial anti-virus products, and the targeting of unprotected information resources (ie cell phones and PDAs). Each of these tactics enables cyber criminals to evade detection, cheaply develop resources needed to carry out illicit acts, harvest new avenues of attack, and reap increased profits from their activities.
Given the profits available to cyber criminals, it is not surprising that members of the mafia, in particular the Russian mafia, have entered the cyber underworld. According to Ken Dunham of iDefense, “there’s a well-developed criminal underground market that’s connected to the mafia in Russia and Web gangs and loosely affiliated mob groups around the world.? In many cases, these physical world criminals hire talented hackers to carry out cyber attacks. According to Roger Thompson, a computer security professional, the Russian mafia is ?paying to recruit bright young hackers?They’re into everything: spyware installations, denial-of-service shakedowns, you name it. It’s the traditional mafia finding it easy to make money on the Internet.?
While in some cases the mafia hires a talented hacker, there are other cases where hackers will develop malware without prompting and attempt to sell it to the highest bidder in the criminal underworld for a profit. According to Jim Melnick of iDefense, in one case ?an undetectable Trojan was offered for sale and the buyers were debating whether it was worth the price. They were doing competitive testing to ensure it actually worked as advertised.?
This emerging economic structure of the cyber underworld has serious ramifications for national security. The most immediate concern should be whether rogue nation-states or terrorist groups will see the hiring of willing hackers as a shortcut to fielding a legitimate cyber warfare capability. It is beyond the scope of this piece to discuss the damage a well-planned and well-executed cyber attack can cause. A successful cyber attack in combination with a physical attack could result in lost life and serious economic costs. Therefore, a rogue state or a terrorist group may consider the investment of thousands of dollars as worth the potential return giving the calamity a successful attack could create.
Therefore, the emerging and ever shifting cyber underworld should be taken seriously. If the wrong actors enter the market, there will be effects far more serious than a stolen credit card.