Pub. 7 2016 Issue 1

www.wvbankers.org 20 West Virginia Banker Crime-as-a-Service = Hackers for Hire By Jon Waldman Partner, Senior Information Security Consultant - Secure Banking Solutions, LLC The Evolution of Cybercrime Close your eyes for one second and picture in your mind a “hacker.” What does he or she look like in your mind? Most people picture a 15-year old kid in his parent’s basement; it’s dark; he’s drinking a 2-liter of soda, eating a bowl of cheese puffs, and he’s “hacking the planet.” Sound about right? The scary truth is that this is very far from reality in today’s world. Most “hackers” are just like you and me. Hacking has evolved from kids trying to figure out how the internet works to an everyday business. Cybercrime, as it’s referred to these days, simply involves folks trying to obtain two (2) things – information or money – from others in order to make more money and grow their business. Not so long ago, cybercrime used to require bad guys with great technical knowledge in order to break into networks and steal data or money without getting caught. However, times have changed, and as the economy of cybercrime continues to grow, the major- ity of attacks have become automated. Criminals are creating software that makes many of the attacks they perform as easy as simply clicking a few buttons, meaning that the technical expertise once required to be a “hacker” is no longer a job-requirement. In a lot of cases, bad guys will even allow you to sign up for a “service” they provide, such as a DDoS attack or sending out phishing emails, rather than having to do it your- self. This is what the industry refers to as “crime-as-a-service.” What is Crime-as-a-Service? Have you ever wanted to perform a Distrib- uted Denial of Service attack on another organization, but didn’t know where to start? Instead of spending your time learn- ing the particulars of how a DDoS works, you can simply find a DDoS provider and pay them to perform the attack on your be- half! There are all kinds of ancillary benefits to using this type of service – from additional anonymity, to better attack-resources, to time-and-cost savings to you. What’s better than that? Crime-as-a-service can be defined as the practice of facilitating illegal activities for cybercriminals through the provisioning of services. While crime-as-a-service has been around for a while, it has been gaining in popularity, as evidenced by a host of new “services” being made readily available for anyone with a malicious agenda to conduct quickly and easily. New Types of Crime-as-a- Service Brian Krebs ( www.krebsonsecurity.com) is a very well-known computer security blogger with deep ties to the underground cybercrime community. Krebs reports frequently on