To those of us who have seen one of the classic cybercrime movies, hackers are usually social misfits with an ax to grind and come with plenty of attitude. A new academic research paper takes issue with this profile, and indeed its title is somewhat intriguing: Crime is boring. Let’s take a closer look.
The paper begins by describing how cybercrime has shifted to more cloud-based, specialized and subscription services, mirroring the general direction of the legit IT world. Several years ago, cybercriminals sold their malware; now you can find just about anything for free on open-source marketplaces, again mirroring this general trend in the legit world.
But as the tech has evolved, so have the units of work done by the typical cybercriminal. These jobs are very similar to maintaining the back-office infrastructures of an insurance company or any global business. The majority of people involved in cybercrime are doing the grunt work, such as evaluating different online services, running various scams and acting as resellers. In the past, cybercriminals could be found on dial-up BBSes or IRC channels. Now they populate Discord, Telegram and other online chat groups.
As a result, the researchers from the University of Cambridge (UK) Cybercrime Center have found that “there has been a change in the kind of work involved in the typical cybercrime economy.” Far from the exciting dramas depicted in the hacker movies, much of the work has become fairly routine and even dull, “the underground equivalent of a typical office job.” Or at least the office jobs that we once had at the beginning of the year.
The research involves interviewing admins who operate a variety of cybercrime services, such as booters and stressers (which form the underpinnings of denial of service attacks). One person was quoted as saying “Creating a stresser is easy. Providing the power to run it is the tricky part.” They describe three malware situations in more detail: the botnet herders, the evolution of the authors of the Zeus banking trojan, and underground marketplaces hosted on the dark web. The booter services have something in common with legit web services: they need a solid customer-facing portal to track users, collect payments and manage the actual attacks. Some of these booters operate more than a dozen different websites that need to be maintained, configured and tested for continual operations. This often means a substantial investment in customer support, such as running a problem ticketing and tracking service or real-time text chat. Sound familiar?
The research pulls together a set of eight key features of the unknown cybercrime worker, ranging from support for broader illegal activity to diffusing risk and maintaining stability and transparency of the criminal infrastructure. I have never thought about cybercrime in this fashion, and it made for some interesting reading. The authors also mention that the often-publicized crackdowns on online criminals can “in fact unite communities, giving them a common sense of struggle and persecution” and purpose. Perhaps a different strategy, with law enforcement interventions that focus on the economics of boredom and encourage burnout, could be a viable substitute for the current “whack-a-mole” approach.