The ganglands of narcotics and cybercrime have multiple parallels, like a pair of aberrant twins, learning from, and outdoing, each other. TV crime drama series Breaking Bad centres around the manufacture of the drug methamphetamine. It is the highest rated TV series of all time.
Narcotics such as cocaine, heroin, and methamphetamine, have the cyber equivalent in identity theft, bank fraud, IP theft, and ransom. Meth cooks Walter White and Jesse Pinkman have thousands of counterparts coding the latest malware or operating malware kits. When a hotshot hacker discovers a zero day exploit, the opportunity to sell it to the highest bidder for enormous sums, whether white hat or black hat, is enticing. Brilliant coders also have the same pressures as chemists to seek windfall big bucks and secure the future of their families.
Stakes are high. Globally, cyber crime accounts for 0.8% of GDP, slightly less than the 0.9% attributable to narcotics. A McAfee report estimates the cost of cyber crime to be more than $400bn annually, up from $100-$150bn last year. However, due to under-reporting, this figure could be vastly under- estimated. Some such as Kate Vinton suggest we need a national standard of breach reporting. In order to deal with a problem, a first step is to accurately quantify it.
Division of labour is a key characteristic of both narcotics and cybercrime. The concept of Crime-as-a-Service (CaaS) provides opportunity for skilled developers, bot herders, mules, and syndicate heads, to provide key components of cyber malware creation, distribution and money laundering. CaaS provides anonymity for specialists so they can independently make their cybercrime contribution without the downside of gang patch association.
Breaking Bad’s DEA officer Hank Schrader has legions of cyber counterparts in agencies such as the FBI, Europol, Homeland Security, and the European Cybercrime Centre. No doubt, many law enforcement officers in these agencies are now keeping a weary eye on any reclusive IT expert brothers-in-law.
Russian Evgeniy Bogachev is a cyber crime gang boss – the Gus Fring at Los Pollos Hermanus of the cyber world. There are many others like him. McAfee estimate there are currently 20 to 30 major cyber gangs with technical capabilities as sophisticated as nation states. That’s a scary thought considering the power of Stuxnet. Evgeniy Bogachev’s gang reportedly netted over £100m through Gameover Zeus. The gang earned $27m in two months from CryptoLocker ransomware in a strategy the retail sector know as “providing add-ons for existing customers”.
Cybercrime is high return, low risk, low cost of operation, and few barriers to entry. Participants also have less fear of physical threat from colleagues or from the turf wars which characterise the drug trade. Many cyber crime activities harvest small amounts from large numbers of victims. Often the victim’s pain is inconvenience. Narcotics on the other hand extracts a high price on fewer victims – effects are life-changing. Locale is insignificant in cyber crime as it can just as easily be conducted cross-border, from the other side of the world, from states with lax cyber law enforcement.
No doubt, many of those living a clandestine double life of cybercrime, experience similar anxieties and trepidation as Walter White. The more we learn about government surveillance capabilities, the more they will stress. Weapons designed for anti-terror are easily redirected toward organised crime, like the swivelling of a gun turret. Recent arrests by co-ordinated multi-country law enforcement will have increased tensions leaving many cybercrime operators fearing the knock at the door.