The Industrialization of Cybercrime
Author | Tamas Gaidosch |
Pages | 22-25 |
Cybercrime is now a mature industry operating on principles much like those of legitimate businesses in pursuit of profit. Combating the proliferation of cybercrime means disrupting a business model that employs easy-to-use tools to generate high profits with low risk.
Long gone are the legendary lone-wolf hackers of the late 1980s, when showing off level 99 computer wizard skills was the main reason to get into other people’s computers. The shift to profit making, starting in the 1990s, has gradually taken over the hacking scene to create today’s cybercrime industry, with all the attributes of normal businesses, including markets, exchanges, specialist operators, outsourcing service providers, integrated supply chains, and so on. Several nation-states have used the same technology to develop highly effective cyber weaponry for intelligence gathering, industrial espionage, and disrupting adversaries’ vulnerable infrastructures.
Evolution
Cybercrime has proliferated even though the supply of highly skilled specialists has not kept pace with the increasing technical sophistication needed to pull off profitable hacks with impunity. Advanced tooling and automation have filled the gap. Hacking tools have evolved spectacularly over the past two decades. In the 1990s, so-called penetration testing to find vulnerabilities in a computer system was all the rage in the profession. Most tools available at that time were simple, often custom built, and using them required considerable knowledge in programming, networking protocols, operating system internals, and various other deeply technical subjects. As a result, only a few professionals could find exploitable weaknesses and take advantage of them.
As tools got better and easier to use, less skilled, but motivated, young people—mockingly called “script kiddies”—started to use them with relative success. Today, to launch a phishing operation—that is, the fraudulent practice of sending email that appears to be from a reputable sender to trick people into revealing confidential information—requires only a basic understanding of the concepts, willingness, and some cash. Hacking has become easy to do (see chart).
Cyber risk is notoriously difficult to quantify. Loss data are scarce and unreliable, in part because there is little incentive to report cyber losses, especially if the incident does not make headlines or there is no cyber insurance coverage. The rapidly evolving nature of the threats makes historical data less relevant in predicting future losses.
Scenario-based modeling, working out the costs of a well-defined incident affecting certain economies, produces estimates in the tens or hundreds of billions of dollars. Lloyd’s of London estimates losses of $53.05 billion for a cloud service outage lasting 2½ to 3 days affecting the advanced economies. An IMF modeling exercise put the base-case average aggregated annual loss at $97 billion, with the worst-case scenario in the range of $250 billion.
Causes and consequences
Crime in the physical world—with the intent of making money—is generally motivated simply by profit potentially much higher than for legal business, which criminals view as compensation for the high risk. In the world of cybercrime,
Lone-wolf hackers yield to mature businesses
FINANCE & DEVELOPMENT | June 2018