The “company” cybercrime seen by Fortinet

Fortinet, the worldwide provider of network security appliances and a market leader in unified threat management (UTM), has recently published the “Fortinet 2013 Cybercrime Report”, which examines the phenomenon of cybercrime in depth.

The report highlights that cybercrime is assuming remarkable relevance; what is really surprising is its organizational capacity, which has nothing to envy of the most efficient industries.

It is assuming a typical hierarchical structure in which every actor has a well-defined role and responsibilities, from leaders to money mules; cybercrime is infiltrating practically every sector of society.

The hierarchy’s “executives” oversee operations and define the strategy and the business model to implement, verifying that everything proceeds correctly.

The core of the criminal business is technology: groups of specialists who are able to deploy sophisticated malware, set up private botnets, and design fake antivirus software and efficient exploit toolkits.

Exactly as in any legitimate organization, the code is reviewed and subject to strict validation processes. Another interesting aspect is the recruiting process: for large-scale operations, specialized affiliates set up recruitment programs that search for specific technical profiles to carry out cyber attacks.

Cyber criminals promote their products and services on Internet job boards, hacking message forums, and underground IRC chat channels.

Below are the Cybercriminal Pay Rates proposed by Fortinet in the report:

The organizational structure of Crime-as-a-Service (CaaS) is a winning choice: a growing network of cyber criminals is able to offer any kind of product and service with methods similar to those of legitimate businesses.

The report correctly states:

“Looking from the outside in, there’s little to distinguish cybercrime organizations from any other business. Like any legitimate commercial enterprise, each player has a designated role or function to perform. And each job is necessary in order to create the desired good that turns the wheels of the machine. The mission? Like any other business, it’s profitability. Or, in some cases, retribution.”

What are the deliverables of the efficient cybercrime industry?

They are varied, ranging from hacking services to the production of malicious code customizable to the client’s request.

The principal services offered and their prices are:

  • Consulting services such as botnet setup ($350-$400)

  • Infection/spreading services (~$100 per 1K installs)

  • Botnets & Rentals: Distributed Denial of Service (DDoS) ($535 for 5 hours a day for one week), email spam ($40 / 20K emails) and Web spam ($2 / 30 posts)

  • Quality Assurance vs. Detection (Crypters, Scanners – $10 per month)

  • Affiliate Programs ($5k per day is possible)

  • Onshore & Offshore Hosting – Virtual Private Servers ($6 per month)

  • Bulletproof/Fast Flux hosting and VPNs & reverse proxies ($3 per month)

  • Blackhat Search Engine Optimization (SEO) ($80 for 20K spammed backlinks)

  • Inter-Carrier Money Exchange & Mule services (25% commission)

  • CAPTCHA Breaking ($1/1000 CAPTCHAs)—Done through recruited humans

  • Crimeware Upgrade Modules: using Zeus modules as an example, prices range anywhere from $500 to $10K

The above deliverables are provided through different arrangements such as renting, buying or leasing, to meet the client’s needs.

How are the illegal profits laundered?

A fundamental role in cyber criminal organizations is played by the “money mules”, individuals who are knowingly or unknowingly used to launder a crime syndicate’s ill-gotten gains. Money mules are used to anonymously transfer money from entities, typically through anonymous wire transfer services such as Western Union, Liberty Reserve, Ukash and WebMoney. Transactions are often fragmented into smaller batches to elude controls operated by law enforcement.

Cyber criminal organizations are structured like businesses; crimeware syndicates develop a detailed business model and monetization strategy for their activities “because even an illegal company needs to ‘pay the bills’ in order to function on a day-to-day basis”. Money management is vital: the organizations have to track the resources used and the earnings they generate, and they do this using commercial business process management tools, financial systems and many other instruments to manage everything from software development to accounts payable.

To succeed against cybercrime, governments, law enforcement, CERT groups and private businesses have started a prolific collaboration that has already led to the decapitation of several botnets, such as Conficker or Mariposa, and the arrest of many cyber criminals … but it is just the beginning of a long and hard battle.

Pierluigi Paganini