Welcome to the age of the professional hacker.
As we have covered recently, cybercrimes have taken on a new urgency over the past several years. Names like Zero Day, Heart Bleed and CryptoLocker have made headlines, making average computer users learn far more than they’d care to know about the back end of their personal laptops. For some, less fortunate consumers, the education has been harder, delivered in the form of personal attacks that steal identities, credit card information and sometimes entire systems.
If the role of cybercriminals has seemed to grow more ambitious, there’s a bit of good news: you’re not crazy. Cybercrime, indeed, has grown more ambitious. The scope, frequency and severity of hacks have increased with every passing year. One of the driving factors behind this, say security experts is a new corporatization and professionalism of hackers.
What was once a rebellious teenager has all grown up and gotten a job… except his 401(k) comes in ransomware bitcoins.
“We say it’s corporate,” said Steve Barone, founder and CEO of the cybersecurity firm CBI. “We don’t believe, we know, that there’s organized businesses stealing data… China is absolutely doing it nonstop, the Eastern Bloc countries are absolutely doing it nonstop.”
“[Security firms] have these really cool, these very impressive war centers that show the data coming in,” he added. “It looks like missile strikes, and they’re all coming from the far side of Asia or the Eastern Bloc.”
As day to day life has moved online, crime has followed, because nothing is so true as the fact that criminals will always follow the money.
And they have. According to security experts such as Barone increasingly hackers are able to operate in the daylight, running entire businesses in permissive jurisdictions or organizing large, underground networks facilitated by the anonymity of the Internet.
It’s the model that Christopher Budd suggests that companies use when thinking about the threats they face. Budd, a global threat communications manager with Trend Micro, has called this a natural evolution. As there’s more money to be made, criminals will get increasingly sophisticated in how to make it.
“Ultimately,” he said, “we’re talking about business. And as business sectors are established they grow and they evolve. You see a process of specialization that happens and componentization, people go into focus areas.”
Specialization has allowed hacking “corporations” to grow in scale and scope, taking advantage of the same compartmentalization of any major business. As members of the team grow into their roles they become increasingly skilled at narrow sets of an operation, whether it’s moving stolen merchandise, identifying targets or coding the necessary malware.