ALL IT TAKES to make over $900,000 (€830,000) a year is to learn some code, pick up some Russian, decide to become a criminal, and have no fear. That’s it. Put it all together, take a deep breath, and then even you can become a novice cybercriminal.
That’s what Ziv Mador, VP of security from information-security company Trustwave, showed me. He gave me an exclusive look into his research about the criminal underbelly of the internet. And it turns out hackers stand to rake in quite a bit of money if they know how to operate and where to turn.
In fact, according to his conservative estimates, even the most rudimentary of hackers stand to make as much as $80,000 (€74,000) a month.
Doing so isn’t so hard. The world of hacking and selling exploits is replete with people looking to hawk their coded goods. But let’s not focus on what one must do to enter this world; it’s really the numbers that speak for themselves.
Mador explained that the ecosystem of hacking consists of renting access to already-made exploits. These offerings are available on Craigslist-like sites, but for hacker eyes only.
The security expert said that most people using these sites are Russian or Eastern European (or at least speak the language). He added that it takes a lot to get into these hidden networks; they “require some trust with other cybercriminals to get in.”
But once someone is in the club, a novice hacker could find numerous malicious services at his or her fingertips.
For example, a hacker hoping to inject malicious links into a website would have to both figure out a way to gain access to a popular website to put in the bad links, and then would have to lease access to an exploit to deliver to victims. Then he or she would also like to ensure that the malware isn’t detectable. All of these services are available, ready-made, online, and for a price.
Hacking works much like businesses do: In order to start out you have to have supplies and a place to operate. This costs money. Trustwave crunched the numbers for how much a hacker would likely spend on his or her hacking supplies. Putting it all together it came to about $5,900 (€5,400).
Here’s Trustwave’s rundown of the cost:
But don’t worry, there’s a payoff. Using very conservative estimates, Mador and his team tried to figure out how many successful victims a hacker could get a month. If they put the exploit on a pretty well trafficked page, it could see as many as 20,000 users a day. Only 10% of those victims will be successfully exploited, he believes.
And of those 10%, if the exploit is a ransomware — which takes victims’ files hostage until a bounty is paid — only 0.5% of those will actually pay up.
That comes to a “daily income of $3,000 (€2,800),” said Mador.
When you subtract the monthly cost, that comes to $84,000 (€77,000) a month:
Mador added, “these [estimates] are all very conservative.” But they are all based on the transactions that Trustwave saw firsthand.
The long and the short of it is that Mador and his team witnessed hackers and hacker gangs rake in money by pulling off not too difficult online schemes.
What really makes them effective is that hacking has become a well-oiled machine. It’s no longer every man for himself. Instead, it’s some coders offering their expertise (for a price of course). And when you put all the parts together you get a truly complex ecosystem that rivals century-old industries.
If you want to learn more about the ins and outs of the hacking business, you can see more of the presentation here.
To embed this post, copy the code below on your site
have your say