Cybercriminals: A Look at Their World and Their Threat to Business

A disturbing look at the far-reaching depths of the cybercriminal network--and what you can do to make sure the bad element stays out of your company.
Magazine Contributor
6 min read

This story appears in the August 2011 issue of . Subscribe »

The face of today's cybercriminal looks surprisingly familiar. He has an expansive network of partners and technology geeks. He's contracted out research and development to write his software and middle managers to make sure everyone in his organization is doing their part to rake in the dough. He's a smart businessman who is able to leverage others' skill sets to turn a profit.

Sounds like someone you can relate to, right--someone embracing the entrepreneurial spirit? That's precisely the problem. That character is emblematic of the new wave of cybercriminals who are taking over the internet, making millions off the backs of honest business owners and consumers around the world.

Related: Six Tips for Surviving a Cyber Security Threat

"Over the past year, cybercriminals have been more financially motivated than ever," says Neil Daswani, co-founder and chief technology officer of security firm Dasient. "Cybercriminals are very entrepreneurial indeed, although they are surely not moral."

And the way things have transpired, these shadowy cybercriminals don't even need to be tech whizzes to steal from you. "The underground economy has evolved with specific roles that are sought after and paid for," says Michael Sutton, vice president of security research for cloud security provider Zscaler. "This has allowed criminals without a technical background to benefit from web- and e-mail-based attacks. They don't need to create the attacks themselves--they simply purchase an exploit kit in the underground and it handles the heavy lifting for them."

The Cybercriminal Syndicate
These are the folks who hire all the other specialists to carry out their criminal master plans.

Middle management
The kingpins usually have their team of lackeys to help mobilize the work force, pay contractors and do the dirty work involved in turning stolen identities into tangible dollars.

Malware-kit writers
These coders create plug-and-play malware kits that allow non-techies to start infecting computers for profit without ever learning geek speak.

Bot herders
These specialists either use malware kits or write their own code to infect machines in order to build up a bot network of "zombie" machines to do their bidding.

Flaw finders
These hackers troll the internet looking for banking and commerce sites with exploitable vulnerabilities that could be used to break in to steal information, products or money.

Card cloners
These are the experts tasked with turning stolen credit card information into fake credit cards that can be used at ATMs or card terminals to actually steal the money.

These foot soldiers are used to take stolen cards to ATMs and make withdrawals.

Money mules
Mules are hired out to open up bank accounts and move stolen money from the U.S. to foreign accounts owned by the kingpins. --E.C.

Today's cybercrime economy is made up of a complicated mix of specialists, each of whom makes money doing one thing really well. It's classic capitalism at play. There are people who write malware kits to scan the internet and infect computers automatically. There are those who use that malware to gather infected machines and control them in a collective computing pool called a botnet. There are others who rent out botnets to run larger attacks against banks, or to steal big pools of identities. There are still more criminals who use stolen identities to actually go to ATM machines and steal the money.

And then there are the kingpins. Typically operating in Eastern Europe or China, beyond the law enforcement reach of Western countries, they take all the different resources available and come up with the business plans to put fraudulent schemes into action. They either put the specialists on their payroll or hire them as contractors to do their individual parts.

"They piece it all together," says David Koretz, CEO and president of security firm Mykonos Software. "They go to one group to write the virus, a second group to take the virus and use it to build a big network, a third group to find a vulnerability in an e-commerce site and a fourth group to attack that site and do tens of thousands of transactions in a few minutes by using a wide range of bots. Now all of a sudden they've done a million dollars of theft in a few minutes."

As a case study in the organic development of a free-market economy, the evolution of the modern hacking ecosystem is fascinating. It's also horrifying, because it comes at the expense of small businesses. According to security experts, small businesses are ideal targets for the cybercrime syndicate because they tend to have more computers, stored data and money to steal from than the average consumer, and much fewer security protections in place than larger enterprises.

"The sweet spot really is the small business," says Kevin Haley, director of Symantec Security Technology and Response.

One of the big misconceptions that small-business owners and sole proprietors tend to have is that they can't possibly be targeted by the bad guys. It's hard enough to get customers to find your website, so how's a crook from Estonia going to find you? The thing to remember is that these criminal entrepreneurs have completely automated their hacking schemes, says Chester Wisniewski, senior security advisor at security firm Sophos.

"We need to understand that Bob's lawn mower business isn't being targeted by criminals--they're just looking for every single instance of a vulnerable website on the internet, and if they can find one, they infect it," Wisniewski says. "So the thought that 'I'm too small, they're not going to hit me' isn't really a valid defense. Certainly you aren't going to be targeted the same way that Sony was targeted. But that doesn't mean you won't be targeted--you're just going to be targeted by an automated bot."

Clearly, you're the hunted in all of this. And just as animals evolve to develop camouflage and protections from predators, you need to adjust your business to avoid becoming lunchmeat.

More from Entrepreneur
Our Franchise Advisors will guide you through the entire franchising process, for FREE!
  1. Book a one-on-one session with a Franchise Advisor
  2. Take a survey about your needs & goals
  3. Find your ideal franchise
  4. Learn about that franchise
  5. Meet the franchisor
  6. Receive the best business resources
Discover the franchise that’s right for you by answering some quick questions about
  • Which industry you’re interested in
  • Why you want to buy a franchise
  • What your financial needs are
  • Where you’re located
  • And more
Make sure you’re covered for physical injuries or property damage at work by
  • Providing us with basic information about your business
  • Verifying details about your business with one of our specialists
  • Speaking with an agent who is specifically suited to insure your business

Latest on Entrepreneur