Thursday, October 10, 2013

Democratizing Cybercrime

The changing landscape of cybercrime has meant that you do not need to be a computer geek to start raking in dirty cash from cybercrime activities.

The world of technology and computers is constantly changing and opening itself up to the masses, even though not each and every use we make of technology is legitimate.

I still smile when my parents hook up on Skype or keep tabs on some old useless junk on sale on eBay, which stands as testament that today technology is really ubiquitous.

In my childhood years, my computing abilities enabled me to configure my serial and parallel ports on my then “ultra fast” 386 machine or to shift memory allocation around in order to ensure that Monkey Island ran smoothly. Back then, I would be mesmerized, reading the exploits of cyber-criminals in books such as The Cuckoo’s Egg by Cliff Stoll. As a young adolescent with very basic mastery of computers I realized that you did not just need malicious intent to become a cybercriminal but also required a very intimate knowledge of how computers worked. Even though I never had any criminal intent (or that is what I believe) I always felt amused at how technology could serve as a tool of choice for the commission of crime without proverbially dirtying your hands.

In the past few years the availability of technology and the ever-changing nature of computing tools has simply democratized cybercrime.

You don’t need to be a source code wizard to become a hacker. You don’t need a mammoth machine to perpetrate cyber offences. You just need to know what to look for. The tools are all there for the taking and the perfect example of this is the rise of online advertising fraud and the use of malicious botnets.

Basically, botnets are networks of malware-infected or compromised computers which are then used to instigate and launch a myriad of cyber-attacks ranging from denial of service attacks to email spam. Your computer can be infected and turned into a “zombie” performing tasks without your knowledge. But don’t think that you need to be a scientist nowadays to set up your own botnet farm and use these infected computers as your despicable minions to launch your worldwide cybercrime conquest. All you need is a couple of hundred euros and publicly available programs and you are halfway there. Botnets are nowadays not only used by hacktivist groups such as Anonymous to carry out their DDoS attacks but are increasingly being used by common people to commit click fraud.

Click fraud occurs when automated scripts or compromised computer terminals are used to click on adverts which run on a pay-per-click business model. The activity is very simple in its design even though some perpetrators run huge systems of a more complex nature. Basically, you can set up a very straightforward web site, have adverts on your site and then generate revenue by having clicks registered on those ads. Now imagine that through the use of botnets you are generating a terrific volume of traffic and clicks on those ads. You have essentially set up your own private pension plan, illegally of course. Many companies, including Google, have been the victims of such activities and it appears that such attacks are only increasing.

The situation is now even more precarious due to the fact that botnet farming software is easy to acquire and deploy, thereby assisting in the illegal pay-per-click type of fraud. Sometimes the amounts are so small that it is not easy to distinguish genuine from malicious activity even through the use of illicit click-farms.

The availability of malware such as Zeus and SpyEye means that, theoretically speaking, even my mother, instead of chatting away on Skype, can set up her own botnet farm and become a cybercriminal and rake in cash through fictitiously generated advert click-through revenue. Some users of Zeus went as far as declaring that the creation of a 10,000-machine botnet was so easy that cybercrime has today become more profitable than drug dealing. Perhaps the next hit series on TV will not be Breaking Bad but would have an illegal botnet as its core storyline as opposed to meth cooking.

What is certain, however, is that, despite its ease of use, click fraud is indeed a criminal offence regulated by the Computer Misuse provisions contained in our Criminal Code.

Furthermore, the making available of programs such as Zeus and SpyEye can also lead to criminal offences. In fact, Article 337(C)(1)(l) of the Criminal Code provides that it shall be an offence to produce, sell, procure for use, import, distribute or make available any software programme designed or adapted primarily to commit a computer misuse offence including unauthorised access, hacking and related offences including DDoS and botnet activities.

It seems, however, that the law has not served as a sufficient deterrent. The proliferation of high speed internet connections together with the ease of use of such tools has enabled many individuals to join the cybercrime bandwagon, albeit in a less sexy fashion than what we are normally accustomed to see. Problems and deficiencies in law enforcement related to such illegal activities are also very apparent, which again brings into the limelight traditional issues associated with cybercrime, including jurisdictional issues.


Surely, as part of her technological trials and tribulations, I will be sure to advise my mother not to try her hand at click farming any time soon.