Cybercrime doesn't pay: well it does, and very well

A large part of me is worried about writing this post because in some way, I could be considered as promoting the idea or inciting people to commit cybercrime. Well, that's not my intention as such - instead I'm taking a more back seat approach to denounce why people commit cybercrime and what people get out of it.
Written by Zack Whittaker, Contributor
A large part of me is worried about writing this post because in some way, I could be considered as promoting the idea or inciting people to commit cybercrime. Well, that's not my intention as such - instead I'm taking a more back seat approach to denounce why people commit cybercrime and what people get out of it.

As a criminologist and sociology student, the way people interact with society, other people and how society lives and works together, whilst comparing that to crime and the law gets my juices flowing nicely. If it didn't provoke my academic mindset, it would most certainly give me the horn instead.

The considerations of cybercrime

Where do you start... it doesn't take much work or effort to start your basic cybercrime campaign. If you wanted to start off on a basic level, phishing still works relatively well. Between May 2004 and May 2005, nearly $1 billion was stolen in phishing attacks, with it escalating every year since. You create a fake website which looks like an online banking interface, buy a list of emails from a marketing company (consider this an "investment") and mass email out a fake email claiming that you are their bank, link to that website and harvest the account details as they come in.

Relatively simple really. Get someone with the know-how and split the profits... or kill them and take it all (after all, if you're going to be a criminal, you may as well go whole-hog).

You could consider pornography as a easy way to make a shed load of cash.Forget copyright and intellectual property; you're a cybercriminal, you don't need to worry about things like that. Download a fine selection of grainy, jumpy porn from a selection of free websites, host it on a web server, lock the front page with a few free tasters to get people enticed, then put a PayPal screen up to exchange access for money. Use the aforementioned spam technique to promote yourself, or invest in online advertisements to draw in the viewers.

Cybersquatting is a costly yet intriguing concept. Find the next best thing online - take Cuil, for example, the search engine which got a lot of news coverage at the time but never took off. Take the supposed website name, in this case it would be www.cuil.com and go about buying very similar domains which sound or look similar. This could include:

www.ciul.com - www.kewl.com - www.seeuil.com - etc.

From there, you can laden your websites with high-paying advertisements or referrals for products to download. The more press coverage and the stupider the person wanting to try it out in hope they get the address wrong is the main factor to making this work. One postman from Cardiff, Wales, spent around $35 on a website domain only to demand in excess of $16,000 from companies before they hand it over.

The anonymity factor

Most people seem to think that having this aura of anonymity on the web gives us the excuse to say things we wouldn't normally say in person. Criminals also use this theory because they see people on the Internet as "not real people";instead they are screenames, aliases and avatars. Because of this, an ailing conscience of those purporting attacks and committing cybercrime is a lot less than in real life, in thery there anyway.

An essay which I wrote for my core criminology module this year consisted of the differences between online and offline crime. Those who commit fraud in person, seeing the faces of their victims, will have a different level of effect on their conscience than that of those who commit online crime and see no faces - again, in theory.

The white hat approach

Now this is what I really wanted to get round to. Something closer to home for me, as an example which works quite well: the UK (as well as the US) are under constant fire and electronic attack from other nations such as China and Russia. In turn, these nations are under attack from other countries themselves; it's a constant, on-going battle.

The US cyber-security industry has expanded rapidly over the last decade, with government and non-governmental organisations working together in forming not necessarily a single solution, rather a mesh of preventative measures to protect the electronic infrastructure of each respective countries. When Obama took office, this was one of the main steps he wanted to take in his presidency.


By working with these people; once hackers and cybercriminals are now turning "white hat" - working towards defeating their once-were colleagues and tightening up security using their background knowledge. For example:

"Launching the strategy earlier Lord West, who has been appointed as the UK's first cyber security minister, said the government had recruited a team of former hackers for its new Cyber Security Operations Centre, based at the government's secret listening post GCHQ, in Cheltenham, to help it fight back."

What did make me giggle when reading through this was what it said afterwards:

"They had not employed any "ultra, ultra criminals" but needed the expertise of former "naughty boys", [Lord West] added. "You need youngsters who are deep into this stuff... If they have been slightly naughty boys, very often they really enjoy stopping other naughty boys."

He also confirmed that the government had developed the capability to strike back at cyber attacks, although he declined to say whether it had ever been used."

Become a hacker, then a spook - to become a hacker spook: pays well, government pension, save the world every day, sounds alright to me.

Which side to stick with

Cybercrime does pay very well, if you get it right; not only for the criminals starting the attacks but also for the security industry aiming to seal up breaches and minimise fallout as a result.Considering that cybercrime awareness and law enforcement departments are opening up to the new waves of online crime, including fraud, phishing, child abuse imagery and media and suchlike and the sort, you might want to consider staying on the good side of the security industry. At least this way, you can make money out of cybercrime without any of the side-effects of criminality... such as being buggered in the showers at prison.

Would you try and get a job in the security industry, with no guarantee you'll get it or stay there, or head over to the dark side and live life in a dark shadow of crime?

Editorial standards