Coder's Arrest Reveals Impact of Cybercrime as a Service

When I first heard about Europol's arrest of a coder in Thailand, it seemed like another drop in the cybercrime bucket.

But as I investigated beyond the headlines, I discovered that this case reveals quite clearly the impact and implications of cybercrime as a service.

I could have a company hacked tomorrow. Or you could launch a cyber attack against a company next week. The possibilities are vast.

According to investigators in this case, the coder they arrested was an accomplice with several others (now in jail) who hacked a British company last year and stole a large amount of customer data and user credentials.

But the mastermind in the whole thing was not a hacker; instead, it was the guy with the cryptocurrency willing to pay to have the job done.

Says Europol, "The main suspect admitted his involvement in the blackmail but hired the services of a hacker on the dark web to carry out the cyber-attack."

Taking a 'digital hit' out on an organization

I still remember covering a murder case in Washington State in the early 1990s many years ago. A wife wanted her husband dead and offered someone $10,000 to do the job. She asked the wrong person, who told police. But in a small town, there weren't many options for someone to do your dirty work.

Now that has completely changed. The Dark Web would make it easier for that real life "hit" to happen. And it has made taking a "digital hit" out on any organization much easier to accomplish.

Cyber extortion was the goal

What did the mastermind of the British company hack do after the criminals he hired brought him customer data and credentials? Two things:

1. He offered proof to the company of a successful hack: "This person shared a large number of credentials with the company to prove that they had access to the data."
2. He attempted extortion: "He also demanded ransom of either almost EUR 580,000 for the non-disclosure of the customer data or over EUR 825,000 for information on the security breach and how to handle it. For each day the company failed to pay, there would be a ransom of EUR 210,000. The ransom was to be paid in Bitcoin."

Europol says these type of attacks are typically targeted at medium- to large-sized enterprise organizations with a greater means to pay.

And if possible, the attack will coincide with a time when a company is likely to be doing big business. Gambling sites are at higher risk, for example, around the Super Bowl or the World Cup.

Why the cyber threat landscape is exploding

SecureWorld interviewed Cigna CISO James Beeson at one of our regional cybersecurity conferences. 

He believes a low global standard of living coupled with the need to survive will fuel growth in cybercrimes as billions more become connected to the internet.

“If you’re making $10 a day and you can make more using malware as a service, or a syndicated crime syndicate offers you $20 a day to help penetrate networks, what are you going to do?”

SecureWorld gets pitched 'hacker-for-hire' service

We always welcome comments on our stories here at SecureWorld, however, we moderate the comments to make sure they are appropriate. Lately, there have been attempts to sell hacking as a service by posting comments to our website. Here is one of those comments:

It's hard to say if this is legitimate or just a scam. But we know the Dark Web is crawling with bad actors.

With more hackers than ever willing to do the dirty work, criminals of all types will find increasingly affordable options to hire someone from the Dark Web with a business model of cybercrime as a service.