Businessman Today
Hackers

Many years have passed since hackers started making money in the deep web. Currently, computer crime is becoming ever more complicated and better organised, which means that hackers have increased their profits, while minimising risk. Hacker groups cooperate with each other to a greater or lesser extent, which leads to a constant expansion of their business. Many groups can safely be compared to ordinary large companies operating on the market. Currently, most hacker groups compete with each other in terms of quality, reputation and price, and most exploits and viruses go through a normal Software Development Life Cycle. In addition, many services begin to operate in the SaaS (Software as a Service) or CaaS (Crime as a Service) model. As you can see, hacker organisations are increasingly similar to corporations and are introducing similar business practices. We may expect that in the future hacker groups will compete on the market with such providers as HP, Dell or Microsoft.

This article aims to explain the operation of the hacker business models, showing the various methods of making money in the darknet, in order to demonstrate the motivation of the specific types of hackers, the profitability of computer crime, the level of risk, strategies, and the development opportunities for this business.

 

Types of operation in the deep web and their driving force

 

There are many categories of hacker groups, such as organised crime, identity theft, cyberwar, stealing IP addresses, extortion and bank fraud. All these types of operation vary in terms of earning potential and associated risks.

Most companies established by criminals are designed to draw maximum profits from scamming and various types of fraud. Several types of companies run by hackers, which are known all over the world, are listed below.

 

Advertising fraud

In this type of fraud, the attacker sets up a website with ads, which is visited by bots from various locations, generating fake traffic. Because the ads are viewed, the attacker is paid for them. A more advanced method consists in random bots clicking on a given advertisement.

 

Credit card fraud

These are among the most common and most popular scams today. The hacker obtains the credit card number and holder details, and then sells that data on the black market. Then, somebody buys a physical credit card or just the data to produce a new one. After recording the magnetic stripe or reprogramming the chip, he simply goes shopping and his transactions are charged to the account of the victim. They are often made in more than one country.

 

Fraud related to payment systems

This is another well-known type of fraud, which involves stealing money from online payment systems, such as PayPal, Apple payments, Bitcoin payments, and other systems. The attacker either steals the money from the victim’s account, or starts the process of “money laundering” on the Internet.

 

 

Bank fraud

This is another technique where the attacker breaks into the victim’s bank account through online banking and then transfers the money to his own account. Another type of such an incident is selling a “0-day” vulnerability in the banking system. This type of crime is subject to considerable risk, for it is usually investigated and monitored.

 

Stealing medical information and personal data

This type of fraud involves the theft of personal data from websites or medical information from hospital systems and other health systems. The data is then used for insurance fraud or identity theft. It is a new type of fraud, so you can expect many such incidents in the immediate future.

 

Identity theft

This is one of the best-known types of attack, where the hacker steals the victim’s ID, which contains the address, social security number, credit details and other sensitive information. Then, the attacker tries to sell the data or use it for the various types of fraud mentioned above.

 

Phishing

Attacks of this type are carried out practically every day. They consist in stealing usernames and passwords by means of phishing sites. The attacker sells the information immediately or creates a database with screen dumps of many users, and then sells it on the black market.

 

Bug Bounty

Identifying vulnerabilities in computer systems has become a lucrative business, offering its own sales models. Bug Bounty programs involve thousands of hackers and leading companies from all over the world. Corporations invite hackers to discover new gaps in the systems before they can be found by criminals and used in the deep web.

 

Extortion

Extortion is an attack usually targeted at senior managers or directors, and consists in informing the company about a break-in or a simulated DDoS attack, and then providing the account number to which ransom money should be transferred. Another type of extortion is when the attacker installs a virus encrypting the hard drive on the victim’s computer and then demands money for decrypting the HD. Yet another kind of cyber-extortion is when criminals purport to be a law enforcement agency.

 

IP data theft or IP theft

This type of attack is based primarily on intellectual property theft. Usually, a hacker takes over a company computer with access to the entire network and collects information, which in most cases is then sold to a competitor. Attacks of this type commonly occur in the electronics industry (prototypes of phones or tablets), entertainment industry (films, software), and the arms industry (prototypes of weapons). Crimes of this type usually have a huge impact on the targeted organisation.

 

Hacktivism

Hacktivism means a number of well-organised groups hacking for political or ideological reasons. The attacks are usually targeted at organisations or individuals, which, according to the hackers, have done something wrong. Such hackers are mostly online activists protesting against some change.

Hacktivism can be divided into three main types:

 

  1. Troublesome – typically involving destruction of a website or taking over a Twitter account
  2. Disruptive – DDoS, spamming, and botnet attacks
  3. Destructive – destroying targeted data and systems or making them useless

 

Corporate culture

The underground market operates almost in the same way as the traditional one, driven by supply and demand. Information and tools, which are the most critical for a given organisation, are always the most valuable and vice versa.

Hacking companies are less hierarchically structured than traditional organisations. Each hacker really operates as an independent economic actor, but he does provide some value for the society as a whole. Hackers usually choose their own working hours, and they may treat hacking for profit as a side job supplementing their income from other work. But there are hacking companies operating under the 9-to-5 regimen and with a specific work schedule. Monday morning is usually a hectic period for them, as they want to catch up on the weekend backlog.

Joint operations by cybercriminals depend on preserving anonymity. Hackers are usually known only under their nick, while their original identity remains hidden from everyone and shrouded in mystery. This is all due to a strong obsession of many hackers. Only trust and good reputation really matter in this closed community. When a hacker is a trusted person, he has no problems with making money in this complex system. Trust is built by demonstrating your skills and on recommendations from other people in the industry.

 

Staff management

Staff management includes many tasks and looks very similar to that in large corporations. It usually consists of the following three main areas:

• Personal responsibility
• Compensation payments
• Payments of employee benefits

All three main areas are in fact divided into many smaller ones, facilitating comprehensive staff management in an organisation. In the business currently flourishing in the deep web, everything is based on verbal contracts. Very often, one hacker performs several tasks and solves many problems. Each hacking operation contributes to the final product and those attackers who contribute more than others receive bigger commissions.

Currently, entering the deep web business requires very little knowledge or skills. Moreover, some operations do not even require computer skills, so non-technical people can very easily move into this business. The following are examples of non-IT skills useful in this industry:

  • Warranty services
  • Identity control
  • Escrow services
  • Sales and marketing
  • Legal support

Recruitment of new hackers is carried out through various blogs and Internet forums, and the key element in this business is trust, so only highly qualified hackers can survive in the business and take part in the recruitment of new members. One of the main problems for the hacking business is the place it is done from.

The cash flow system plays an important role in the hacking operations. The main problem is to turn the funds earned through hacking into real money, without leaving any traces. One method is to establish a fake business online and to buy random goods to “launder” the money stolen through PayPal accounts.

 

Marketing and sales

Hacking companies must constantly work on creating and maintaining a certain status, and building the trust of the market. Credibility and reputation play a key role on the Internet. Highly valued hackers do regular business in the deep web, and one false move can ruin their entire reputation.

Krzysztof Sadecki