Organised cybercrime groups are now as powerful as nations

Summary: 'Crime as a service' flourishes as hackers share skills to build complex attacks to steal cash and intellectual property.


Dozens of cybercrime groups have reached the level of sophistication where their technical capabilities are on a par with those of a nation-state, it has been claimed.

Gangs are capable of building complex systems aimed at stealing money and intellectual property on a grand scale, costing almost the same to the global economy as counterfeiting or the narcotics trade — more than $400bn a year.

"Cybercrime produces high returns at low risk and (relatively) low cost for hackers," said a report sponsored by security company McAfee. The report quoted one unnamed European intelligence official who said there are 20 to 30 cybercrime groups in the former Soviet Union that have "nation-state level" capabilities.

Nations themselves have been building up their cyber offensive capabilities in recent years, worrying some who see the start of a cyberwarfare arms race. If organised criminal gangs are building up similar capabilities, the online balance of power, already murky, could become extremely complicated.

"These groups have repeatedly shown they can overcome almost any cyberdefence. Financial crime in cyberspace now occurs at industrial scale," the report warned.

At the launch of the McAfee research, Paul Gillen, head of operations at the European Cybercrime Centre, warned how sophisticated these organised groups have become.

For example, an organised crime group might spread malware which steals bank account details from an infected PC. That same malicious software would also use affected machines to carry out a denial of service attack against the bank in order to distract the bank's security team while the gang cleans out bank accounts using the stolen account credentials.

Gillen said such business models are quite complex and quite profitable and "therefore it's going to flourish".

Online crime features a complicated range of players — from individual hackers working alone through to organised gangs and state-sponsored hackers, and allegiances and networks between these actors change constantly depending on the criminal opportunities.

For example, hackers who steal financial information can either use the information themselves or sell it on to groups who specialise in exploiting stolen details — who then in turn hire teams of 'mules' or 'cashers' to launder money either through their bank accounts, or by buying goods with stolen credit card details and then repackaging and sending them on.

"Someone who wants to infect computers with a particular type of malware would go to one of the organised crime groups and ask them – crime as a service – can you infect 20,000 computers and for that we'll pay you so much. They do that and they get a pay-per-infection rate. It is quite a sophisticated business model," said Gillen.

The aim of the European Cybercrime Centre is to map those organised crime gangs, connect their online existence to real world identities and shut them down. But Gillen said these groups can be hard to disrupt because they only know each other by online monikers and as such there sometimes isn't any real world interconnectivity.

Gillen said: "I don't know whether someone writing a specific piece of malware or developing a specific exploit for somebody who is buying that to deploy would even regard themselves as being part of an organised crime group, but the reality is they contribute to the overall business model."

Cybercrime experts point to the so-called 'Gameover Zeus' botnet as an example of the level of sophistication seen in online crime. The malware is designed to steal banking credentials from the computers it infects; it then uses those credentials to initiate or re-direct wire transfers to accounts controlled by cyber criminals. Researchers estimate that between 500,000 and one million computers worldwide are infected and it has stolen around €75m.

As well as putting their owners' bank accounts in jeopardy, the infected computers also become part of the global botnet of compromised computers, transmitting ransomware known as CryptoLocker, which encrypts all the files on the victim's computer and tries to extort $750 or more for the password necessary to unlock the files.

As of April this year CryptoLocker had infected more than 234,000 computers and the FBI estimates $27m in ransom was paid in the first two months since it emerged.

While Zeus has been around for a while, the GameOver version is particularly sophisticated in that it has a decentralised, peer-to-peer command and control infrastructure rather than centralised points of origin, which means that instructions to the infected computers can come from any of the infected machines, making a takedown of the botnet more difficult.

The report also warns that stock market manipulation is a growth area for criminals who hack into companies looking for information — new products or merger plans for example — that could affect a company's stock price, and then use this information to profit from share trading. "For high-end cybercriminals, cybercrime may be morphing into financial manipulation that will be exceptionally difficult to detect".

The report also calculates the damage of cybercrime, noting that "cybercrime is a tax on innovation" and estimating that the damage to company performance through losses of intellectual property, and the damage to GDP, could cost as many as 200,000 US jobs and 150,000 across Europe.

  • "– more than $400m a year"

    It's more than I have in my bank account, but it looks kind of low-ball in a trillion dollar ++ economy. Maybe $400b?
  • meanwhile the REAL crims

    Are ripping off billions thru deceptive in-app purchasing thanks to Apple deceptively REQUIRING a payment method on signing up APPLE ID.
    Why do it illegally when Apple makes it easy legitimately?
    • dumb...

      Apple does not require a payment method... You can easily choose "None" in the list. You should get some facts before posting.
    • But we're not talking about Apple here

      Apple, according to most people, is a legitimate business, regardless of what one may think about the ethics of its managers.
      John L. Ries
  • We are SPECTRE, Mr. Bond.

    What we need is an all inclusive, world wide electronic surveillance capability that can spot and identify these nefarious cyber criminals before they can wreak havoc upon innocent citizens or impact the economies of sovereign nations.

    I nominate five countries that could take the lead in forming this electronic surveillance: the United States, Great Britain, Canada, Australia and New Zealand. (New Zealand? Hey, they make great Hobbit movies.)

    By monitoring every person's telephone calls and internet online presence (and offline - in some cases), combined with a vast facial recognition and aural identification database system, the world will become a safer place.
    • RE: the world will become a safer place

      I would think the opposite... more risky.

      Pirate a single entity and you now have full access to everyone's life.
      • Lol

        I think you missed the sarcasm... At least I hope he was being sarcastic.
        • The best sarcasm examples are those that can be interpreted both ways

          I aim to please both sides: The far uber right and the liberal left! Grin.

          BTW, it was sarcasm.
    • it's called the 5-eyes network

      for a reason. and i agree about the hobbit movies...
    • I do like the subject line

      And in all seriousness, I don't think that Ian Fleming would have been at all surprised by the ability of organized crime to take advantage of modern technology.
      John L. Ries
  • if it's connected to the net, then it's not secure

    In this day and age, a company would be foolish to put "plans for mergers" on computers connected to the net.

    Nothing connected to the net is secure, even the military and its partners get hacked.

    There's just no excuse anymore. We know how vulnerable computers are and no amount of "security" can change that.
  • Probably a bit of an exaggeration

    The gangs with a large Internet presence don't seem likely to put their own armies in the field any time soon, putting them in a considerably weaker position than drug traffickers or radical Islamists. There is ample reason for concern, but not for panic.
    John L. Ries