When your computer is infected with malicious software, people around the world swing into motion.
The attacker who sneaked the software onto your PC - perhaps via a spam email saying a pizza delivery is on the way to your house, which spurs householders into cancelling the order and visiting a fake website - is just one of a chain of ‘employees’, ranging from unknowing ‘money mules’ up to consultants who can create tailor-made cyber attacks for a price.
Exclusive: Watch the action-packed ‘Cybergeddon’ trailer only on Yahoo!
Cybercrime is big business worldwide - with a cost to users of $388billion in the past 12 months, cybercrime is almost as damaging as the entire world trade in illegal drugs.
A million people are affected every day, and the ‘business’ is growing rapidly.
What is surprising, though, is how much like a ‘real’ business it operates. Cyber attacks don’t operate like a simple street mugging. There is management as structured as many a dotcom business.
One person will be paid to breach your computer - turning it into a ‘zombie’, a remote-controlled machine that can be instructed to download new malicious software at any time. Another will be paid to install malicious software - including the package that captures your bank details.
Banking attacks evolve as fast as bank’s defences, and cybercrime gangs will be up to date - the latest versions sit in your browser, assuring you that your balance has not changed, or siphon off money without even needing a password.
The people through whose bank accounts money moves - known as ‘money mules’ - will often not even be aware they are involved in money laundering, and just think they have had the luck to land a very easy job, for which they cream off their percentage.
Related article: Hackers hit 30,000 oil company computers
But most of the money travels upwards, to the ‘managers’ further up the chain, and the ‘creatives’ who craft a novel attack - mirroring the structure of an ‘ordinary’ company.
‘There are different roles for each person,’ says Orla Cox, security operations manager at Symantec Security Response.
‘Some hackers will be paid for every time they install malicious software on someone’s computer. It’s pretty much an industry. There’s a manager sitting up top behind the scenes, and multiple players located in different parts of the world.’
‘Some hackers will just buy a kit - it will provide everything you need to launch a fairly sophisticated cyber attack,’ says Cox. ‘It will provide tools and instructions to compromise a website to infect computers that visit it, then the attackers will get paid for every time they install this infection on a computer.’
‘There’s a stereotype,’ says Cal Leeming, a former hacker responsible for a £750,000 theft, who now works in security for Simplicity Media, ‘But you’d be surprised. Really hackers aren’t just one type of person. One person could be sat at home, a 15 year-old kid, but there are others who are 19 or 20 years old, who have jobs, a social life.’
Contrary to the portraits often painted in the press, hackers are largely not elusive computer geniuses. Most are simply competent computer users who’ve been tempted to visit ‘dark’ online markets where banking Trojans and other malicious software can be bought for money.
Others are provided with the software by their employers. The enormous growth in cybercrime is due partly to the spread of computers - but also to the fact that it’s difficult to prosecute shadowy networks of criminals operating out of multiple countries at once.
‘For a common criminal, it’s actually a lot safer than grabbing a bag in the street,’ says Norton’s director of security response, Kevin Haley. ‘Citizens could knock you to the ground, the police could get called. Crooks are cluing into that. You don’t have to be technical.
‘Some cybercrime gangs will even offer consultants to help you set it up, hire money mules, and give you a target to attack. A lot of cybercrime comes from developing countries with a large computer population such as South Africa and Brazil, places with high physical crime rates. It’s a whole underground economy.’