The traditional picture of a hacker used to be a teenager hunched over a laptop in their basement, launching web defacement and DDoS attacks against websites for fun or as part of their further learning.
That image has shifted in recent years. Mention the word ‘hackers' now and you'll likely end up in debate over the role of security researchers and the intentions of both hactivists - working to disrupt controversial governments or companies – and the organised criminal groups which often target banks, firms and individuals with malware and social engineering campaigns.
However, a new report now details how cyber-criminals are increasingly selling their products and services for use by other criminals, thereby lowering the barrier of entry to the common criminal.
That was the finding of a report from the European Cybercrime Centre (EC3), which said that this ‘cyber-crime-as-service' business model is enabling ‘Mafia-like' groups to dip their toes into the cyber world.
In addition, the 2014 Internet Organised Crime Threat Assessment (iOCTA) report details how criminals are using legitimate anonymisation, encryption and other legal services to hide their activities – news which may well explain the reported attempts by the US and Russian governments to break the Tor anonymised browser for example.
Kaspersky Labs CEO Eugene Kaspersky acknowledged this trend when speaking with British newspaper The Telegraph shortly after the report was published.
“The traditional mafia came to cyber-space with ideas about how to use cyber to support traditional crime. I am afraid next the terrorists will migrate to cyber-space,” he said.
“In cyber-space there is a very short distance between criminals, activists and terrorists. You attack a web page and cause it to crash, that's crime; you do it a bit more strongly and crash a country, that's terrorism.
Adrian Culley, a cyber security consultant and former detective in the Scotland Yard Computer Crime Unit, told SC that the cybercrime-as-a-service trend is not a new phenomenon and says that the emphasis must now be on police to raise their investigative skills.
“Cybercrime-as-a-service has been around for some time,” he said. “Organised crime is another way of saying unlawful business, and as such is every bit as concerned with profit and efficiency as legitimate business.”
However, he warned that police are well-behind on the required skills and reporting mechanisms, and are as such ‘failing in cyber-space'.
“Whilst Sir Robert Peel's 1829 policing model has mostly stood us in good stead for physical, tangible matters, and indeed been exported around the world, it is now struggling to deliver for digital society and cyber-crime. A wider debate is needed across society as to how 21st Century policing engages with things cyber.”
“Cybercrime-as-a-service shows crime continues to innovate. Policing must also innovate to meet this challenge.”