Lowering the Bar for Cyber Criminals

The internet is creating a new kind of criminal whose average age is just seventeen. Most of this new criminal element are unlikely to be involved with theft, fraud, sex or harassment crimes. The crime that these teenagers (mostly male) are committing is cyber-crime.

A National Crime Agency (UK) report analyzes the motivations of the youth to engage in cyber-crime, and the consequences to the criminals and their victims. Many begin by going onto game-cheat websites or forums that reveal how to change or “mod” games.

A teenager can make friends quickly and easily, become praised for his skills, and prove himself to his peers in an online social club. However, once a gamer figures out how to win a game by launching a cyber attack on an opponent, he can apply his new technical skills to target his school or a government agency he does not like.

The skill barrier to enter into cyber criminality is lower that it has ever been because of the wide availability of free (or very inexpensive) hacking tools. Any user can easily access, download, and spread these off-the-shelf hacking tools.

Ransomware-as-a-Service (RaaS) offers software that encrypts the files on a computer and demands the victim pay a price in order to regain access to the files. Ransomware and other hacking tool vendors advertise their products openly on low-level hacking or gaming forums, stirring the curiosity of the young and relatively unskilled cyber criminals.

The younger cyber criminals are often unaware they are committing a crime. After all, they cannot see a victim, they are anonymous, and there is no visible law enforcement presence online. They naively assume there is a low risk of being caught.

If they are caught, however, they can do prison time. An 18 year old, who was arrested for obtaining unauthorized access to a US government site, said, “I did it to impress the people in the hacking community, to show them I had the skills to pull it off . . . I wanted to prove myself . . . that was my main motivation” he told the National Crime Agency debriefers.

The sense of accomplishment is seen as the key motivator for those youth involved in cybercriminality. Financial gain is not necessarily a priority for offenders, but this should not be discounted.

Because of the explosion of the hacking tool market, there may be a rise in low-skilled offenders who learn they can financially benefit from cyber crime. For example, the Princess chain, identified by IntSights analysts, is seeking to expand its brand through affiliate programs which will increase the number of infections with the ransomware. This enables anyone with motivation and some cash to participate in the cyber-crime party.

Only a small number of low-level cyber criminals go on to the higher level of the very technically skilled cyber criminal. However, the proliferation of off-the-shelf hacking tools, and the evolution of “as a service” business model for cybercrime has brought the ability to significantly harm others within the reach of the young and relatively unskilled cyber criminals (as noted by IntSights in previous posts):

https://intsights.com/phishing-business-model-evolves-a-research-into-phishing-as-a-service/

https://intsights.com/apt-as-a-service/

https://intsights.com/baas-bot-as-a-service/

Stay up to Date!

Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.