Organised cybercrime groups are now as powerful as nations

'Crime as a service' flourishes as hackers share skills to build complex attacks to steal cash and intellectual property.
Written by Steve Ranger, Global News Director
Fingerprint scanning technology should help to battle cybercrime. Image: Shutterstock

Dozens of cybercrime groups have reached the level of sophistication where their technical capabilities are on a par with those of a nation-state, it has been claimed.

Gangs are capable of building complex systems aimed at stealing money and intellectual property on a grand scale, costing almost the same to the global economy as counterfeiting or the narcotics trade — more than $400bn a year.

"Cybercrime produces high returns at low risk and (relatively) low cost for hackers," said a report sponsored by security company McAfee. The report quoted one unnamed European intelligence official who said there are 20 to 30 cybercrime groups in the former Soviet Union that have "nation-state level" capabilities.

Nations themselves have been building up their cyber offensive capabilities in recent years — worrying some who see the start of a cyberwarfare arms race. If organised criminal gangs are building up similar capabilities the online balance of power — already murky — could become extremely complicated.

"These groups have repeatedly shown they can overcome almost any cyberdefence. Financial crime in cyberspace now occurs at industrial scale," the report warned.

At the launch of the McAfee research Paul Gillen, head of operations at the European Cybercrime Centre, warned how sophisticated these organised groups have become.

For example, an organised crime group might spread malware which steals bank account details from an infected PC. That same malicious software would also use affected machines to carry out a denial of service attack against the bank in order to distract the bank's security team while the gang cleans out bank accounts using the stolen account credentials.

Gillen said such business models are quite complex and quite profitable and "therefore it's going to flourish".

Online crime features a complicated range of players — from individual hackers working alone through to organised gangs and state-sponsored hackers, and allegiances and networks between these actors change constantly depending on the criminal opportunities.

For example, hackers who steal financial information can either use the information themselves or sell it on to groups who specialise in exploiting stolen details — who then in turn hire teams of 'mules' or 'cashers' to launder money either through their bank accounts, or by buying goods with stolen credit card details and then repackaging and sending them on.

"Someone who wants to infect computers with a particular type of malware would go to one of the organised crime groups and ask them – crime as a service – can you infect 20,000 computers and for that we'll pay you so much. They do that and they get a pay-per-infection rate. It is quite a sophisticated business model," said Gillen.

The aim of the European Cybercrime Centre is to map those organised crime gangs, connect their online existence to real world identities and shut them down. But he said these groups can be hard to disrupt because they only know each other by online monikers and as such there sometimes isn't any real world interconnectivity.

Gillen said: "I don't know whether someone writing a specific piece of malware or developing a specific exploit for somebody who is buying that to deploy would even regard themselves as being part of an organised crime group, but the reality is they contribute to the overall business model."

Cybercrime experts point to the so-called 'Gameover Zeus' botnet as an example of the level of sophistication seen in online crime. The malware is designed to steal banking credentials from the computers it infects; it then uses those credentials to initiate or re-direct wire transfers to accounts controlled by cyber criminals. Researchers estimate that between 500,000 and one million computers worldwide are infected and it has stolen around €75m.

As well as putting their owner's bank accounts in jeopardy, the infected computers also become part of the global botnet of compromised computers, transmitting ransomware known as CryptoLocker, which encrypts all the files of the victim's computer and tries to extort $750 or more to receive the password necessary to unlock the files.

As of April this year CryptoLocker had infected more than 234,000 computers and the FBI estimates $27m in ransom was paid in the first two months since it emerged.

While Zeus has been around for a while, the GameOver version is particularly sophisticated in that it has a decentralised, peer-to-peer command and control infrastructure rather than centralised points of origin, which means that instructions to the infected computers can come from any of the infected machines, making a takedown of the botnet more difficult.

The report also warns that stock market manipulation is a growth area for criminals who hack into companies looking for information — new products or merger plans for example — that could affect a company's stock price, and then use this information to profit from share trading. "For high-end cybercriminals, cybercrime may be morphing into financial manipulation that will be exceptionally difficult to detect".

The report also calculates the damage of cybercrime, noting "cybercrime is a tax on innovation", estimating the damage to company performance, through losses of intellectual property, and the damage to GDP could cost as many as 200,000 US jobs and 150,000 across Europe.

Further reading on cybercrime

Editorial standards