Research shows if cybercrime was a country, it would have the 13th-highest GDP in the world.
Cybercrime is a booming business, as anyone interested in the area can tell you anecdotally, but new research shows just how lucrative it really is.
Dr Michael McGuire, senior criminology lecturer at the University of Surrey, presented the results of his study Into the Web of Profit at RSA 2018 in San Francisco.
A complex web
Over nine months, McGuire discovered the machinations that keep the cybercrime economy sustained, as well as how it overlaps with the legitimate economy.
The study was sponsored by security firm Bromium and was originally going to explore where exactly cyber-criminals spend their money, but the scope of the work soon expanded. “It turned into a huge piece of research, which looks at the whole of how money flows around the cybercrime system.”
He noted a rise in ‘platform criminality’, much like the platform capitalism model used by major tech firms such as Facebook. In the cybercrime world, malware is turned into a product, which simplifies the purchase of illegal products and services, enabling broader criminal activities such as drug production, terrorism and human trafficking. Think of it like a mirror image of the legitimate economy – a “monstrous double” of the information economy, as McGuire dubbed it.
“There are large organisations in the burgeoning cybercrime economy that very closely match the structures and business plans of companies like Uber, Airbnb, Facebook, Twitter and WhatsApp.
“These platform owners act more like service providers than criminals; they don’t commit the crimes directly but enable and profit from cybercrime and are helping to create a world where cybercrime is a permanent state.”
Cybercrime funding other illegal activity
McGuire found links between cybercrime and the production of synthetic drugs. When dark-web market AlphaBay was taken down, listings for toxic chemicals as well as malware were found. “Many substances of this kind are manufactured in China or India, purchased via online markets, then shipped in bulk to Europe. But there is also evidence that groups who acquire revenues from cybercrime are involved in the active production of drugs.
“For example, the arrest of a Dutch money-laundering gang also led to the discovery of ingredients they possessed to make ecstasy, further highlighting a material link between cybercrime activities and organised-crime activities.”
Criminals reinvest approximately 20pc of their revenues into additional crime, indicating that up to $300bn is used to drive other kinds of offline illegal activity.
The cybercrime world generates a staggering $1.5trn annually, which includes $160bn in data trading, $550bn in trade secret and intellectual property theft, $1bn in ransomware and $860bn in illegal online markets.
The larger multinational operations can earn up to $1bn a year, while $30,000 is a more likely figure for the average smaller operation.
An economy in itself
It’s clear from the research that cybercrime is no longer just a business, said McGuire. “It’s much, much more than that. It’s like an economy which mirrors the legitimate economy. Increasingly, what we’re seeing is the legitimate economy feeding off the cybercrime economy.
“More concerning is evidence that cybercrime revenues are now significant enough to attract the attention of those who are ready to use them to fund more serious crime, such as human trafficking, drug production or even terrorism.”
Digital payments systems, including PayPal, were used as money-laundering tools.
In order to deal with the issues, a holistic approach is recommended. Focusing on specific types of crime and how they are committed is only effective to a certain level. By gathering and building a comprehensive overview that considers the interconnections between both the legitimate and criminal data economies, a full understanding of the issue at hand can be gleaned.