Please create an account to participate in the Slashdot moderation system


Forgot your password?
Security IT

Cybercrime-As-a-Service Takes Off 113

pnorth writes "Malware writers that sell toolkits online for as little as $400 will now configure and host the attacks as a service for another $50, according to email offers cited by security experts. A technical account manager at authentication firm Vasco said that cyber crime is becoming so business-like that online offerings of malicious code often include support and maintenance services. He said 'it was inevitable that services would be sold to people who bought the malware toolkits but didn't know how to configure them. Not only can you buy configuration as a service now, you can have the malware operated for you, too.'"
This discussion has been archived. No new comments can be posted.

Cybercrime-As-a-Service Takes Off

Comments Filter:
  • by Shivinski ( 1053538 ) on Thursday March 12, 2009 @07:34PM (#27175279) Homepage
    Once you see the toolkits cracked and pirated on torrent site's :P
    • Re: (Score:2, Insightful)

      by Hurricane78 ( 562437 )

      On torrent site's what?

    • by timeOday ( 582209 ) on Thursday March 12, 2009 @08:41PM (#27175867)
      I think your comment is more insightful than funny. The question is, can an unregulated blackmarket grow and thrive without law - no contract enforcement, courts, or police?

      Some would point to the large sums of cash in the illicit drug trade as evidence that it can, but I point to the stratospheric markup on illicit drugs as evidence that the market is horribly inefficient. The markups show there's a shortage of suppliers - due in part to law enforcement, I'm sure, but being in the drug trade also means running the risk of being gunned down (or worse) by competitors. Personally I prefer a bit more regulation in my markets than that.

      • Re: (Score:2, Insightful)

        The illicit drug trade is regulated, or do you not think that something being made totally illegal counts as a regulation?

        It is because of that regulation (your business cannot exist) that drug dealers cannot seek any kind of arbitration, private or government.
        • by zippthorne ( 748122 ) on Thursday March 12, 2009 @11:23PM (#27176991) Journal

          Totally not true. If there is enough money on the table, whole illicit governments will form to take care of the people's need for illicit arbitration and such.

          That's the true nature of the "protection racket" and the danger to the legitimate government is that it can be supplanted by the illicit government.

          The market exists. Whether free or not, open or not, the market has formed and exists. The best you can hope for as a government is to influence it in small amounts here and there to achieve your aims. Push too hard and you'll find that like a river delta, it routes around you or bypasses you entirely.

          That is why prohibition is dangerous.

        • the illicit drug trade is completely regulated:

          on the state level in illinois there is a $25 dollar tax per 1/4 oz sold. all weed sold must have said stamp.

          and on the neighborhood level- if you dont bay back guido for that 1/2 lb of blow you were gonna flip for that killer gaming rig- vinnie and johnny "no nose" vespucci come over and regulate your ass.

          ~puts on tinfoil hat~
          i left the feds out cuz i am still up in the air about the CIA sellin crack...[citation needed]
          ~removes tinfoil hat~
        • Yeah, and with a little luck we'll start finding the heads of "legitmate business owner" hackers in ice chests left in a Mexican desert....

      • by Jurily ( 900488 )

        The markups show there's a shortage of suppliers - due in part to law enforcement,

        You haven't been to a lot of UK pubs lately, have you? The only shortage is in quality control.

      • Freakonomics had a really good article about the drug business and in a way, it is efficient. There is ample supply, despite law enforcement. And, there are more than enough interested workers, who actually wind up making, on average, slightly less than minimum wage.

        Basically, drug culture is an -illusion- of wealth, because while a few do get rich, its ultimately just terrible work for the vast majority of people that participate in it. It tends to thrive in impoverished areas, because, for those people, there's just no work at all.

        • Basically, drug culture is an -illusion- of wealth, because while a few do get rich, its ultimately just terrible work for the vast majority of people that participate in it. It tends to thrive in impoverished areas, because, for those people, there's just no work at all.

          So basically, it's like any other market?

          • by tjstork ( 137384 )

            So basically, it's like any other market?

            No, because other markets tend to have limited employment because of various barriers to entry for employees. There's technical skills, geographic considerations, and more that all drive up salaries in other professions. But in the drug world, there's no such skills required. Anyone can be a drug dealer, and they get paid as what they are - unskilled, uneducated labor.

        • Not only does this market exist, but it thrives without the need for patents to protect one vendor from the other.

      • Most people stay out of the business because of the high risk of being caught or things turning violent. High risk = high prices = high reward.
    • by DNS-and-BIND ( 461968 ) on Thursday March 12, 2009 @09:04PM (#27176079) Homepage
      Apostrophe's are for pural's, dude's
    • by kribor ( 113957 )

      Recession got you down? Pissed off because your job got outsourced to Bangalore so your boss could get a fat bonus? No jobs openings in your area?

      We're here to tell you of the many new amazing opportunities here for you in the world of online criminal enterprise. For an investment of a mere $550, you can be on your way in the exciting and profitable world of cybercrime.

      But wait, there's more. For the next 10 min. we're offering the WrongCo ATM Card skimmer attachment. Just attach one of these beauties to th

  • Honesty? (Score:5, Insightful)

    by LinuxGeek ( 6139 ) * <djand DOT nc AT gmail DOT com> on Thursday March 12, 2009 @07:36PM (#27175299)

    Will the sellers be honest enough to give you all the money they drain from bank accounts?

    • Will they even be honest enough to give you the service or support you paid for? I wouldn't even trust them that far.

      • Re:Honesty? (Score:5, Funny)

        by interkin3tic ( 1469267 ) on Thursday March 12, 2009 @09:27PM (#27176227)

        Will they even be honest enough to give you the service or support you paid for? I wouldn't even trust them that far.

        I'm not very familiar with people who make malware, but I'd imagine/hope the "support" would look something like this:

        Customer: Yes, I'm having problems with your product, the Malwarator 1000
        Anonymous support: LOL FUCK YUO NOOB!!1

        If it offends any malware writers to be stereotyped like that, particularly the guys behind antivirus 2009, give me your home address and I'll mail you an apology.

      • The black market deals in trust, you know they'll deliver their service and support to you because they've delivered service and support to other people you know.

        Obviously they might one day just pack up and leave with all your money but that's life in the black market for you.

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      Criminals are actually quite honest when you're the customer rather than the victim. The underground economy is a dangerous place and reputation is everything.

      • by jcr ( 53032 )

        Sounds like you've been watching The Sopranos a bit too much.


    • I expect it's like any other kind of crime "service". You generally don't pay someone to just rob some random people for you and give you the money. You pay someone to kill a specific person, or help blackmail a specific person/company, threaten someone in particular or knock off a target you have specific requisite knowledge of. In any case, even if they could rip off their clients, they'd have a hard time marketing their "service" again.

      I can't see it usually being people taking $450 to "just get some

    • Honestly? Yes. I think it's a matter of risk more than anything. A writer of a trojan could claim that it wasn't intended to be used for illegal purposes, he didn't mean for it to have any purpose but pen-testing and research, etc., that may help him avoid heavier prosecution than the person who is actually committing the act.
  • by earlymon ( 1116185 ) on Thursday March 12, 2009 @07:38PM (#27175321) Homepage Journal

    And given that it's a franchise business model, I guess I'd like to know two things: are there delivery guarantees and does Uncle Enzo know about this?

  • by Anonymous Coward

    This whole article is based on some blog posting of an email that is offering a trojan toolkit and hosting for it.

    We do not know if the email is legit or fake.

    This was pimped at some security convention as proof that security online has somehow changed recently. Of course the people discussing it have a motive to make money of the folks who buy security services/software for their companies.

    I find this article to be of little value, nothing revolutionary was mentioned, and on the whole barely worth posting

  • Bastards (Score:5, Funny)

    by Anonymous Coward on Thursday March 12, 2009 @07:55PM (#27175483)

    Closed-source malware hurts the developer community!

    I demand FOSS malware!

  • by AHuxley ( 892839 ) on Thursday March 12, 2009 @07:58PM (#27175513) Journal
    Old people go on low-budget package tours of countries.
    If your a Mac, Linux or Windows user and all you have is instant messenger details. At very best a non-static IP thats days or weeks old?
    To be able to skype a real business-like cyber crime expert and have them talk you thru entering another persons computer is so worth $400.
    The thrill of reading the real name of the computer owner.
    To see the desktop.
    Looking deep into the directories, emails, draft letters.
    Compressing and sending out all other chat logs.
    Leaving malicious code behind so you can always stay in contact.
    If there is a hardware upgrade or software problem, friendly help is a just call away.
    All from the comfort of your own home.
    • I have the hugest fucking hardon at this moment

  • by Anonymous Coward

    The FBI and CIA really need to do something about this. The revenue generated by spamming and malware could be going directly to funding terro... aww, who am I kiddin, the FBI and CIA already knows that terrorism gets all of its funding by pirating movies and music.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      Sadly, the majority of terrorist funding comes directly from the FBI and CIA.

  • Law enforcement (Score:5, Insightful)

    by Phroggy ( 441 ) <.moc.yggorhp. .ta. .3todhsals.> on Thursday March 12, 2009 @08:04PM (#27175563) Homepage

    So, if they're selling support, presumably there's a way to contact them, and if there's a way to contact them, shouldn't it be possible to identify them?

    Are these activities not illegal?

    • Probably not illegal in Rwanda, lol.

    • Re:Law enforcement (Score:5, Interesting)

      by QuoteMstr ( 55051 ) <> on Thursday March 12, 2009 @09:52PM (#27176409)

      Money laundering. Over at Wikileaks, there's a fascinating letter [] written by a member of the child pornography community. The author goes into quite a bit of detail about the overall organization and operation of the black hat community. You should take the letter with a grain of salt, of course, but it's certainly very interesting.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Wow. That letter gets a +10 insightful. It's a shame that the very people who most need to read (and more importantly THINK ABOUT) its contents never will. Even were the subject not the #1 taboo of the Western world, the fact that it's a small minority being targeted means that the average person simply won't care. After all, small minorities who indulge in far lesser taboos (like the canonical example of pot growing) are rotting in jail and the average person doesn't care.

      • I read bits of that link and wondered if the writer is a parent.
    • I don't really know if it is possible to identify them but it might be a good starting point for a FBI sting operation. With time, a FBI plant might be able to worm his way into the operation.

    • You can be pretty anonymous when you check your hotmail through a couple of botnet proxys

    • by Renraku ( 518261 )

      They're illegal, but the people are either proxied to hell and back so they could be about anyone.

      In reality, they're probably in a country that doesn't give a damn and will refuse to let them be extradited anyway.

  • Yeah, but (Score:1, Redundant)

    does it run on Linux?

  • ... before we can visit the 'hacker dude' who lives in his apartment, never leaving, sure the government is after him, and who provides shady services for a steep price.

    Just as has been predicted by nearly every sci-fi cyberpunk fiction in existence.

    The difference being that there will be no plot-forwarding exposition in person... it'll be a credit transaction through a forum or website.

    I wonder if evil hackers use credit? Who would trust them enough to give the info out? Do they Paypal? Who would trust any

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      Actually, I think I'd be more willing to trust websites cybercriminals use for money transactions. After all, if they think it's secure enough to trust their revenue stream to it, it probably is.

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      Do they Paypal?

      Mainly they use e-payment brokers in .ru that are relatively anonymous, especially if you're using fake identities which they of course are.

    • by mevets ( 322601 )

      | I wonder if evil hackers use credit...
      I think they just take the money from your bank account.

  • It's true (Score:5, Funny)

    by phantomfive ( 622387 ) on Thursday March 12, 2009 @08:13PM (#27175645) Journal
    A few months ago I was really getting sick of working support lines for Intel, with all the stupid users calling in and complaining about stupid things, and I could do nothing about it (I mean really, if your computer isn't plugged in, it's not my fault!!). So I heard about this new business, and applied for a job as a first-line support rep for a certain malwa^W ahem Alternative Software for the Dark Side company whose precise name I will not reveal for privacy reasons.

    The hours aren't great, and the severance package is well, horrible, BUT it does have the advantage that I can send any cases over to the hitma^W ahem Planned Termination and Collections department. Customers are so much more respectful somehow. Maybe I should post this anonymously.
  • Clicking the link on Vasco in the story just takes you to their home page, but it does not provide any additional content regarding the story on Malware toolkits.

  • by Dr. Spork ( 142693 ) on Thursday March 12, 2009 @08:30PM (#27175783)

    There are many smart people who predict the waning importance of states in the new global order, and I'm sure they'll be very excited to hear this. Already, criminal gangs are formidable competitors to many states (for example: Afghanistan, Columbia and Mexico - but the full list would be far longer).

    Open source methods of terrorism will mean that the state will probably no longer be the most effective source of personal security in the future, and global financial breakdowns might further encourage something like a new tribalism. In a situation like that, armed criminal gangs might in effect become the government in many regions. Witness, for example, that the Taliban just took over a huge swath of Pakistan and imposed their own crazy law. Pockets like these will be immune to reach of international diplomacy, and they'll probably host stuff like this (and maybe the next Pirate Bay, if they can make money doing it). It's gonna be a crazy future!

    • If effectively these organizations become the new state, does that make them terrorist organizations or simply another form of government? Government existed for centuries (and still does) on who has the best weapons and the biggest army. Theres a few reasons though why this won't happen so long as the constitution is protected. A) The ability for the public to arm themselves, a small gang can easily terrorize a neighborhood, however, if the neighborhood happens to be well armed, then the fact that the gang
    • by Kjella ( 173770 )

      There are many smart people who predict the waning importance of states in the new global order, and I'm sure they'll be very excited to hear this. Already, criminal gangs are formidable competitors to many states (for example: Afghanistan, Columbia and Mexico - but the full list would be far longer). In a situation like that, armed criminal gangs might in effect become the government in many regions.

      Not disputing that organized crime is plenty powerful, but in a historical perspective I really doubt the current incarnations are worse than Al Capone, the Mob, various creepy dictators and genocides all over the world. In fact I'd say it's getting tougher and tougher to get away with shit because people have cameras and satellite connections and mass media which means that the kind fo mass exterminations that Pol Pot did wouldn't go so "unnoticed" anymore. The more quiet "don't mess with our business, and

      • No, don't picture this like the Mob. Think of it more like a big Hezbollah, who already perform many municipal services in places ravaged by combat or neglected by the state.
  • by w0mprat ( 1317953 ) on Thursday March 12, 2009 @09:28PM (#27176231)
    Pay services start out expensive, proprietary and monopolised. So starts the three stages of business in the information age.

    Eventually they become affordable and ubiquitous with competition driving down the market rate.

    Finally it becomes difficult to charge for services at all, and micro payment schemes become a stop gap before it becomes unprofitable.

    So wait a while and there will be ad-supported crime services!
  • I suppose this is yet another "Windows Only" type of thing. It's not all bad being excluded I guess.

  • Now that it's a push-button operation:

    Announcer: Oh how long can trusty Cadet Stimpy hold out? How can he possibly resist the diabolical urge to push button that could erase his very existence? Will his tortured mind give into its uncontrollable desires? Can he withstand the temptation to push the button that even now beckons him ever closer? Will he succumb to the maddening urge to eradicate history with the mere push of a single button? The beautiful SHINY button. The jolly CANDY-like button. WILL he hold

  • Oddly, this reminds me of the game Uplink - in which the player is hired to do various attacks on computer systems for a fee. []

  • I saw another article on this about 18-24 months ago that had a link to a site which looked just looked like Amazon or any other eCommerce site. You got to choose from a variety of attacks, how many attacking PCs you wanted in your botnet, pick a target then enter a credit card and the job was done. Heck, it even looked 'cheery' - all bright colours and all. It was bizarre scrolling down the list looking at the options available.

Thus spake the master programmer: "When a program is being tested, it is too late to make design changes." -- Geoffrey James, "The Tao of Programming"