Organised cybercrime can be as profitable as smuggling hard drugs, says a security industry expert.
Guillaume Lovet, a threat response specialist with security vendor Fortinet, says his independent research proves that a major phishing scam can net the same profits that professional crooks make dealing heroin.
Presenting his findings at the Virus Bulletin Conference in Montreal, Lovet revealed how similar the structure of a mafia organization is to a gang of cybercriminals.
He identified four levels of cybercriminal: the 'coders', who have the same role as programmers in any legal organization; the 'kids' who use tools designed by coders to steal bank details or other sensitive information; the 'puppet masters' who know how to process the resulting income; and lastly the 'mules', used by the puppet masters to turn electronic money into untraceable, spendable currency.
A 'kid' hacker might, for instance, steal details of a bank account worth $170,000, for which they will receive a mere $400, says Lovet. He points out that in the developing countries where much of the rank and file of the cyber crime value chain is based, this sort of reward greatly exceeds earning potential from most legal occupations.
The biggest share of the reward, says Lovet, gets split between the gang masters and their laundering mules, who take around half the proceeds for the risk of turning so-called elecronic wealth into real cash. These different elements of the cyber crime network often use web chatrooms to hook up with each other, where their real identities and even countries of origin can remain anonymous, he believes.
Like many other security experts, Lovet's tip for the next cyber crime growth area is botnets that replicate across networks of smartphones. He warns of a scenario where 'botnet herders' control armies of 5,000 or more mobile devices ready to be exploited by shady organizations for profit.
Security analysts pinpoint 2004 as the year when profits from cyber crime topped profits from the drug trade. Valerie McNiven, who advises the US Treasury on cyber criminals, says they generated over $105bn in that year from online scams, a figure she says is certain to continue growing year on year.
