The Cybercrime Service Economy
By Scott Berinato    Photography / 李明

Anyone who doubts that internet commerce faces serious threats from online criminals should consider this: Criminal hacking has spawned a full-blown service economy – one that supports growing legions of relatively lower-skilled but fulsomely larcenous hackers.

In the past year, entrepreneurs, many of them based in Russia, have begun to create criminal hacking enterprises aimed not at stealing but at providing services to help others steal. Business has quickly taken off. Per unit of risk – of apprehension, prosecution, and incarceration – enabling online crime pays better than perpetrating it directly. Criminal services entrepreneurs are netting millions of dollars a month. Some experts estimate that, all told, they earned $1.5 billion in 2007.



Last year, two Russians created a subscription-based identity theft service. Rather than steal personal credentials themselves, the two hacked into PCs and then charged clients $1,000 per compromised machine for 30 days of unfettered access.

The clients are betting that during the 30-day period (one billing cycle) victims will bank or otherwise submit personal data online.


To offer their subscription service, the hackers contracted with yet another service provider to obtain a sophisticated distribution system for the illicit code, called a bot, that they would use to infect the PCs. That distributor enticed website owners to hide its bot on their sites by promising weekly payments based on the volume of traffic, much the way newspapers are paid by advertisers according to the number of visitors to their websites. Other service businesses aggregate large networks of compromised computers, called botnets, and rent out portions of their networks for whatever task the client has, perhaps to distribute spam, disable a competitor’s website, or infiltrate a firm’s network in order to steal intellectual property.



As with any service business, customers willing to pay extra can obtain premium offerings. The two hackers behind the subscription service will “clean up” your data – get rid of low-value information and generate helpful reports itemizing what you’ve stolen. The botnet rental operations offer ancillary consulting to maximize the effectiveness of your attack; some guarantee specified service levels or your money back.


The biggest factor driving the emergence of this new service economy is the obvious one: an explosion of online banking and shopping, coupled with consumers’ increasing willingness to disclose personal information over the internet. For those with the technical skills, opportunities for exploitation are richer than ever before.

But something else is happening, too. Those gifted hackers are now enabling the far larger market of wannabes whose deficient skills would otherwise shut them out of the cybercriminal enterprise system.

By creating services for those people, hackers can generate huge profits without actually committing fraud. Gold prospectors may or may not strike it rich, but folks selling pans and pickaxes make a heck of a living either way.



What surprises some experts about this new service economy is just how innovative and vibrant it has become. The hackers code at a PhD level. Their solutions to problems are creative and efficient. They respond to market conditions with agility. Their focus on customer service is intense. If this loose collective of criminal hackers were a company, it would be a celebrated case study of success.

Cybercrime services are so sophisticated and powerful that they make one pine for the days of simple website defacements and e-mail viruses with cute embedded messages. The new breed don’t just disrupt business, they threaten it by frightening customers and undermining commercial confidence. As the victims of online crime pile up, more and more of them will look for someone to hold responsible.

And it won’t be the hackers, it will be the brands that customers trusted to protect them.


Further reading: Malware becomes a hot commodity





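David Marcus, security research manager at antivirus vendor McAfee (McAfee Avert Labs), says that people can buy kits from Trojan horse development websites run by German and Eastern European groups, and can even sign annual contracts for malware support.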



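古特曼 said that in March of last year, malware websites were quoting between $1,000 and $2,000 for the basic version of the Gozi Trojan (which steals data and sends it to the hacker in encrypted form). Buyers could pay extra for add-on services, with prices starting at $20.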
