Movies and other popular media have always cultivated the image of one huge, homogenous global crime syndicate that controls everything behind the scenes—a dark underbelly of the law-abiding world that peddles everything from the blatantly illegal to the lawfully murky. But through our own in-depth forays into the cybercriminal underground, we found that the real underground scene is nothing like the popular Hollywood scenario.
In the six times that we’ve snuck into enemy territory, we found six completely different cybercriminal economies. Of course, they’re not that wildly disparate; they still share the same vital trait of being a den of cyberthieves, peddling their wares to one another as well as to those looking to start out. But their differences are distinct enough to highlight, not only to distinguish them but perhaps also to help the industry identify where future cybercriminal attacks can start.
That said, how do they differ?
First off: Identity. Each cybercriminal underground we’ve investigated has its own unique characteristics. The Russian underground, for example, has a very standoffish feel to it: each participant in a “transaction” is fully aware that whoever they’re dealing with may be lacking in scruples (since they ARE cybercriminals, after all) and thus takes precautions, like using escrows, against being double-crossed.
Second: Product/Service lineup. It’s easy enough to assume that each cybercriminal underground will offer the same kinds of products and services, and any differences would lie in the language they use. The truth is that each cybercriminal underground has its own set of "exclusive" offerings. Japan, for example, is the only cybercriminal underground that offers child pornography as a purchasable product. The North American cybercriminal underground, on the other hand, offers not only illegal drugs to customers, but also murder-for-hire services. The Chinese underground offers hardware designed to facilitate cybercriminal activities, like card skimmers that automatically send stolen information from skimmed cards through Short Message Service (SMS).
Third: Accessibility to newcomers. Just like getting inducted into the world of organized crime, getting into cybercrime is easier in some places and harder in others. In Japan, cybercriminal forums and pages are closed off to outsiders through passwords that involve specific cybercriminal jargon and obscure terminology in their native tongue (Nihongo). This keeps out not only foreigners but also those in law enforcement. In contrast, the North American cybercriminal underground lays everything out in the open; product menus and price lists can be seen on the Surface Web, and even their how-to guides can be easily found on mainstream online media sites. It’s so open that anyone can go to YouTube right now and watch a tutorial on how to use a remote access tool (RAT).
Some more interesting highlights from each cybercriminal underground: