Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cybercrime-As-a-Service Takes Off

Posted by timothy on from the no-need-for-subtlety dept.

pnorth writes "Malware writers that sell toolkits online for as little as $400 will now configure and host the attacks as a service for another $50, according to email offers cited by security experts. A technical account manager at authentication firm Vasco said that cyber crime is becoming so business-like that online offerings of malicious code often include support and maintenance services. He said 'it was inevitable that services would be sold to people who bought the malware toolkits but didn't know how to configure them. Not only can you buy configuration as a service now, you can have the malware operated for you, too.'"

24 of 113 comments (clear)

  1. You really know when its a business... by Shivinski · · Score: 5, Interesting

    Once you see the toolkits cracked and pirated on torrent site's :P

    1. Re:You really know when its a business... by Hurricane78 · · Score: 2, Insightful

      On torrent site's what?

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    2. Re:You really know when its a business... by timeOday · · Score: 4, Insightful
      I think your comment is more insightful than funny. The question is, can an unregulated blackmarket grow and thrive without law - no contract enforcement, courts, or police?

      Some would point to the large sums of cash in the illicit drug trade as evidence that it can, but I point to the stratospheric markup on illicit drugs as evidence that the market is horribly inefficient. The markups show there's a shortage of suppliers - due in part to law enforcement, I'm sure, but being in the drug trade also means running the risk of being gunned down (or worse) by competitors. Personally I prefer a bit more regulation in my markets than that.

    3. Re:You really know when its a business... by zach_the_lizard · · Score: 2, Insightful

      The illicit drug trade is regulated, or do you not think that something being made totally illegal counts as a regulation?

      It is because of that regulation (your business cannot exist) that drug dealers cannot seek any kind of arbitration, private or government.

      --
      SSC
    4. Re:You really know when its a business... by DNS-and-BIND · · Score: 3, Funny

      Apostrophe's are for pural's, dude's

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    5. Re:You really know when its a business... by roblarky · · Score: 5, Funny

      Stewie: "Uh, on torrent site's what, Brian? Over."

    6. Re:You really know when its a business... by clarkkent09 · · Score: 4, Funny

      apparently on torrent site's P drive

      --
      Negative moral value of force outweighs the positive value of good intentions.
    7. Re:You really know when its a business... by zippthorne · · Score: 3, Insightful

      Totally not true. If there is enough money on the table, whole illicit governments will form to take care of the people's need for illicit arbitration and such.

      That's the true nature of the "protection racket" and the danger to the legitimate government is that it can be supplanted by the illicit government.

      The market exists. Whether free or not, open or not, the market has formed and exists. The best you can hope for as a government is to influence it in small amounts here and there to achieve your aims. Push too hard and you'll find that like a river delta, it routes around you or bypasses you entirely.

      That is why prohibition is dangerous.

      --
      Can you be Even More Awesome?!
  2. Honesty? by LinuxGeek · · Score: 5, Insightful

    Will the sellers be honest enough to give you all the money they drain from bank accounts?

    --

    Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
    1. Re:Honesty? by broken_chaos · · Score: 2

      Will they even be honest enough to give you the service or support you paid for? I wouldn't even trust them that far.

    2. Re:Honesty? by interkin3tic · · Score: 4, Funny

      Will they even be honest enough to give you the service or support you paid for? I wouldn't even trust them that far.

      I'm not very familiar with people who make malware, but I'd imagine/hope the "support" would look something like this:

      Customer: Yes, I'm having problems with your product, the Malwarator 1000
      Anonymous support: LOL FUCK YUO NOOB!!1

      If it offends any malware writers to be stereotyped like that, particularly the guys behind antivirus 2009, give me your home address and I'll mail you an apology.

  3. It's a franchise business model by earlymon · · Score: 4, Funny

    And given that it's a franchise business model, I guess I'd like to know two things: are there delivery guarantees and does Uncle Enzo know about this?

    --
    Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.
  4. My thoughts on this article. by Anonymous Coward · · Score: 2, Funny

    This whole article is based on some blog posting of an email that is offering a trojan toolkit and hosting for it.

    We do not know if the email is legit or fake.

    This was pimped at some security convention as proof that security online has somehow changed recently. Of course the people discussing it have a motive to make money of the folks who buy security services/software for their companies.

    I find this article to be of little value, nothing revolutionary was mentioned, and on the whole barely worth posting to slashdot.

  5. Bastards by Anonymous Coward · · Score: 5, Funny

    Closed-source malware hurts the developer community!

    I demand FOSS malware!

  6. A package tour of another persons computer? by AHuxley · · Score: 4, Interesting

    Old people go on low-budget package tours of countries.
    If your a Mac, Linux or Windows user and all you have is instant messenger details. At very best a non-static IP thats days or weeks old?
    To be able to skype a real business-like cyber crime expert and have them talk you thru entering another persons computer is so worth $400.
    The thrill of reading the real name of the computer owner.
    To see the desktop.
    Looking deep into the directories, emails, draft letters.
    Compressing and sending out all other chat logs.
    Leaving malicious code behind so you can always stay in contact.
    If there is a hardware upgrade or software problem, friendly help is a just call away.
    All from the comfort of your own home.

    --
    Domestic spying is now "Benign Information Gathering"
  7. Underground Revenue by Anonymous Coward · · Score: 2, Funny

    The FBI and CIA really need to do something about this. The revenue generated by spamming and malware could be going directly to funding terro... aww, who am I kiddin, the FBI and CIA already knows that terrorism gets all of its funding by pirating movies and music.

  8. And even if it ISN'T fake. by Ungrounded+Lightning · · Score: 5, Funny

    This whole article is based on some blog posting of an email ... We do not know if the email is legit or fake. ... This was pimped at some security convention ... Of course the people discussing it have a motive to make money ...

    And even if they're being honest:

    Any bets whether they found one of the law-enforcement "sting" operations?

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  9. Law enforcement by Phroggy · · Score: 4, Insightful

    So, if they're selling support, presumably there's a way to contact them, and if there's a way to contact them, shouldn't it be possible to identify them?

    Are these activities not illegal?

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    1. Re:Law enforcement by QuoteMstr · · Score: 4, Interesting

      Money laundering. Over at Wikileaks, there's a fascinating letter written by a member of the child pornography community. The author goes into quite a bit of detail about the overall organization and operation of the black hat community. You should take the letter with a grain of salt, of course, but it's certainly very interesting.

    2. Re:Law enforcement by Anonymous Coward · · Score: 2, Insightful

      Wow. That letter gets a +10 insightful. It's a shame that the very people who most need to read (and more importantly THINK ABOUT) its contents never will. Even were the subject not the #1 taboo of the Western world, the fact that it's a small minority being targeted means that the average person simply won't care. After all, small minorities who indulge in far lesser taboos (like the canonical example of pot growing) are rotting in jail and the average person doesn't care.

  10. It's true by phantomfive · · Score: 5, Funny

    A few months ago I was really getting sick of working support lines for Intel, with all the stupid users calling in and complaining about stupid things, and I could do nothing about it (I mean really, if your computer isn't plugged in, it's not my fault!!). So I heard about this new business, and applied for a job as a first-line support rep for a certain malwa^W ahem Alternative Software for the Dark Side company whose precise name I will not reveal for privacy reasons.

    The hours aren't great, and the severance package is well, horrible, BUT it does have the advantage that I can send any cases over to the hitma^W ahem Planned Termination and Collections department. Customers are so much more respectful somehow. Maybe I should post this anonymously.

    --
    Qxe4
  11. That's pretty dystopian by Dr.+Spork · · Score: 3, Interesting

    There are many smart people who predict the waning importance of states in the new global order, and I'm sure they'll be very excited to hear this. Already, criminal gangs are formidable competitors to many states (for example: Afghanistan, Columbia and Mexico - but the full list would be far longer).

    Open source methods of terrorism will mean that the state will probably no longer be the most effective source of personal security in the future, and global financial breakdowns might further encourage something like a new tribalism. In a situation like that, armed criminal gangs might in effect become the government in many regions. Witness, for example, that the Taliban just took over a huge swath of Pakistan and imposed their own crazy law. Pockets like these will be immune to reach of international diplomacy, and they'll probably host stuff like this (and maybe the next Pirate Bay, if they can make money doing it). It's gonna be a crazy future!

  12. Don't rush in, give it 18 months ... by w0mprat · · Score: 2, Interesting

    Pay services start out expensive, proprietary and monopolised. So starts the three stages of business in the information age.

    Eventually they become affordable and ubiquitous with competition driving down the market rate.

    Finally it becomes difficult to charge for services at all, and micro payment schemes become a stop gap before it becomes unprofitable.

    So wait a while and there will be ad-supported crime services!

    --
    After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
  13. Actually, the problem is the opposite. by tjstork · · Score: 3, Interesting

    Freakonomics had a really good article about the drug business and in a way, it is efficient. There is ample supply, despite law enforcement. And, there are more than enough interested workers, who actually wind up making, on average, slightly less than minimum wage.

    Basically, drug culture is an -illusion- of wealth, because while a few do get rich, its ultimately just terrible work for the vast majority of people that participate in it. It tends to thrive in impoverished areas, because, for those people, there's just no work at all.

    --
    This is my sig.