Global cyber-criminal revenues hit US$1.5 trillion annually
Chris Hamblin, Editor, London, 20 April 2018
A study commissioned by Bromium has exposed routine links between cybercriminals, illegal drug production, human trafficking and terrorism.
Bromium, the Californian anti-malware firm, is promulgating a study that looks at the interconnected dynamics of cybercrime which have led to US$1.5 trillion in illicit profits being acquired, laundered, spent and reinvested by cybercriminals. This is equal to the GDP of Russia and half that of the UK.
Conservative estimates, which is what the research claims to be making, state that if cybercrime were a country it would have the 13th highest GDP in the world. The $1.5 trillion figure includes:
- $860 billion – illicit/illegal online markets
- $500 billion – theft of trade secrets/IP
- $160 billion – data trading
- $1.6 billion – crimeware-as-a-Service
- $1 billion – ransomware
The report finds evidence that cyber-criminal revenues often exceed those of legitimate companies, especially small or medium ones. In fact, revenue generation in the cybercrime economy takes place at a variety of levels – from large multi-national operations that can make profits of more than $1 billion to smaller operations where profits of $30-50,000 are the norm. However, the report asserts that is is misleading to compare cybercrime with business. Cybercrime is more accurately described as an economy, “a hyper-connected range of economic agents, economic relationships and other factors now capable of generating, supporting, and maintaining criminal revenues at an unprecedented scale,” according to Dr Michael McGuire.
The report suggests that there is now a growing amount of interconnection and interdependence between both the illegitimate and legitimate economies. This is creating what McGuire terms ‘the Web of Profit,’ adding: “Companies and nation states alike now make money from the Web of Profit. They also acquire data and competitive advantages from it, and use it as a tool for strategy, global advancement and social control. There is a range of ways in which many leading and respectable online platforms are now implicated in enabling or supporting crime (albeit unwittingly, in most cases).”
Platform criminality in a post-crime era
Platform capitalism – a term used to describe the likes of Uber, Facebook and Amazon – is offering fertile ground on which hackers can further their gains. They 'hack' companies to acquire data about users and intellectual property; they disseminate malware; they sell illegal goods and services (in today's police state, the number of things that one cannot legally sell has grown and is growing exponentially, to the benefit of criminals); they set up fake shop fronts to launder money; they connect the buyers and sellers of stolen goods. It is evident that cybercriminals are adept at manipulating existing platforms for commercial gain. Platforms may well be the targets and unwitting helpers of cybercrime, but the report suggests that they have also inspired criminals to emulate them.
McGuire explains further: “This is creating a kind of ‘monstrous double’ of the legitimate information economy, where data is king. The Web of Profit is not just feeding off the way wealth is generated there; it is reproducing and, in some cases, outperforming it. The main contribution of platforms (companies like Facebook, Google and Amazon) is to connect individuals with a service or product. The platforms produce nothing themselves in this process, but the end-user consumers provide platforms with the most precious of all commodities within an information-based economy – their data. We are now seeing the same thing in the cybercriminal underworld.”
The report shows that cybercriminal platform owners are likely to receive the biggest benefit from this new wave of cybercrime and that the owners will distance themselves from the actual commission of crime. In fact, McGuire thinks that this-or-that hacker may only earn around US$30,000 per year. Managers can earn up to $2 million per job – often with just 50 stolen card details at their disposal. McGuire refers to this as a shift to ‘post-crime’ reality, where cybercriminals are taking a ‘platform capitalism’ approach to selling, rather than committing crime.
Team McGuire found criminal sites offering ratings, descriptions, reviews, services, and even technical and customer support. These platforms are improving the criminal ‘customer experience’ and allowing easy access to services and products that support the commission of crime on a global scale. Some examples of services and products include:
- Zero-day Adobe exploits, up to $30,000.
- Zero-day iOS exploit, $250,000.
- Malware exploit kit, $200-$600 per exploit.
- Blackhole exploit kit, $700 for a month’s leasing, or $1,500 for a year.
- Custom spyware, $200.
- SMS spoofing service, $20 per month.
- Hacker for hire, around $200 for a 'small' hack.
These platforms generate revenue on an industrial scale, with their own sets of digital currencies and exchanges, production zones, tools supply, technical support, global distribution mechanism and marketplaces. They deal with specialised producers, suppliers, service providers and consumers. Advertising is a major generator of revenue also: before being taken down in 2016, the ‘Kickass Torrents’ platform was worth more than $54 million, with an estimated $12.5-$22.3 million annually in ad revenue alone.
Reinvestment and the furtherance of crime
As in the legitimate economy, criminal enterprises are going through digital transformation and diversifying into new areas of crime. McGuire found cybercriminals to be reinvesting 20% of their revenues into further crime, which suggests that up to $300 billion is being used to fund future cybercrime and other types of crime (such as the manufacture of recreational drugs) that Americans think of as serious.
For example, the takedown of Alphabay – one of the largest dark-web online markets – revealed that in addition to more than 250,000 listings for illegal drugs, there were also listings for toxic chemicals, firearms, counterfeit goods, malware and more than 100,000 listings for stolen and fraudulent identifying documents and access devices. This is proof that platform criminals can easily adapt to help their cohorts in other areas.
The report identifies the development of cybercrime growth cycles, where money generated from cybercrime is being reinvested into further crime. Many of the larger cybercrime operations reinvest revenues into expanding and developing themselves, for instance by buying more crimeware, by maintaining websites and by paying money-mules. They do, of course, spend their money to support other types of crime.
McGuire continues, in true American fashion: “We can clearly link cybercrime to the spread of new psychoactive substances with over 620 new synthetic drug types on the market since 2005. Many substances of this kind are manufactured in China or India, purchased via online markets, then shipped in bulk to Europe. But there is also evidence that groups who acquire revenues from cybercrime are involved in the active production of drugs. For example, the arrest of a Dutch money laundering gang also led to the discovery of ingredients they possessed to make ecstasy – further highlighting a material link between cybercrime actives and organized crime activities.”
The report also points to the fact that platform criminality is contributing to the issue of human trafficking. McGuire continues: “Pimps frequently use the internet as a tool for gathering revenues from clients and workers [by 'workers' he seems to be mentioning prostitues, although the full report is not available] and then recycle this back into the logistics (and costs) of trafficking victims from target locations with economically vulnerable populations.”
McGuire also found a rare connection between cybercrime and terrorism. The report highlights one case where cybercrimes were committed specifically to generate revenues for terrorist activities. “One British-born follower of Al Qaeda, who provided technical assistance to the terror group in relation to uploading videos, quickly realized that his technical skills could also be used to commit cybercrimes. He began to acquire stolen credit card numbers through transactions on online forums, such as Cardplanet, gathering over 37,000 separate card data files and generating more than $3.5 million in revenues.”