- Platform criminality is leading to a rise in online services that offer easy access to malware and cybercrime expertise
- We must move beyond a simplistic firefighting approach to cybercrime if we want to disrupt cybercrime supply chains
Earlier this year, international law enforcement cooperation led to the arrest of the administrators of webstresser.org, the largest DDoS marketplace on the planet. With more than 136,000 registered users and over four million attacks launched, it is fair to say that taking Webstresser down was a big win for law enforcement, as well as the cybersecurity industry.
Despite this success, the removal of Webstresser is just one win in the war against cybercrime. My recent research, Into the Web of Profit, outlined just how widespread the cybercrime economy has become, how big that war really is, and how cybercriminals are being inspired by the legitimate economy.
Over the past decade or so, the use of platforms in legitimate business has exploded in popularity. You can now order food or a taxi at the touch of a button. You can communicate with friends, book a place to stay, buy your groceries, books and presents, and even apply for jobs.
Uber, Facebook, Just Eat, to name but a few, are starting to dominate our lives and have become some of the most powerful cultural and economic forces in our society. All of them have created environments in which they are able to generate significant revenues merely by offering platforms to connect people and share information, whilst in the process harvesting huge volumes of data. This is platform capitalism.
A ‘Monstrous Double’
The cybercrime economy is mirroring and drawing inspiration from platform capitalism, creating what I have called ‘platform criminality’. It isn’t beyond the imagination that Webstresser was perhaps the eBay of cybercrime – an online marketplace with easy-to-access cybercrime goods and services.
My research showed that these dark platforms function in exactly the same way as their legitimate counterparts – they simply connect individuals with services. Webstresser, for example, was selling DDoS attacks, but during the research I came across hundreds, if not thousands, of platforms selling a range of cybercrime services as part of a Crimeware-as-a-Service model. People can easily hire hackers to carry out a crime, in much the same way that you might hire a driver through Uber or a cleaner on TaskRabbit.
The days of the lone actor, or hacker in a hoodie, are gone. In their place are enterprise-sized criminal organisations. Imagine an Amazon, but one dedicated entirely to cybercrime. These structures exist and have drawn inspiration from their legitimate counterparts to achieve huge success.
Turning the Tide
At present it is incredibly hard to shut these platforms down, which is why Webstresser’s takedown made so many headlines. To truly understand and disrupt these cybercrime platforms in the future, we need to take a holistic view of the cybercrime economy, one that includes a better understanding of how cybercriminals are emulating platform capitalism.
The cybersecurity industry needs to move beyond firefighting, or responsive measures to individual instances of cybercrime, and must instead focus more clearly on how to tackle the ever-growing cybercrime economy. We need a new approach, focused on prevention, that can help disrupt cybercrime supply chains.
Only then can we begin to truly turn the tide in the cybercrime war.
To learn more about platform criminality and the implications this has for organisations, law enforcement and the cybersecurity industry, please download the Into the Web of Profit report.
*** This is a Security Bloggers Network syndicated blog from Bromium authored by Dr Michael McGuire, Surrey Crime Research Lab. Read the original post at: http://blogs.bromium.com/webstresser-when-platform-capitalism-goes-rogue/