Man silhouette in hat and raincoat standing in the light of opening door in dark room

The Business of Cybercrime

More Amazon than mafia

Cybercrime and hacking are plagued by pop culture stereotypes – from the hacker in a hoodie to the cascading green text reminiscent of The Matrix.

For law enforcement agencies tasked with combatting cybercrime and tracking down the criminals responsible for these tropes, while captivating, are unhelpful in understanding and eliminating them.

"We found that the hacking marketplace is highly competitive and to succeed these groups have to work hard to attract clients."

New research from Edith Cowan University is overturning the idea that online organised crime groups are just like traditional mafia in the internet age.

Dr Roberto Musotto from ECU's School of Business and Law and the Cyber Security Cooperative Research Centre said his research is changing the way law enforcement are approaching organised crime groups online.

"Our research showed that groups selling so called 'crimeware' or hacking-as-a-service online have an organisational structure just like an Amazon store, not an online Cosa Nostra," he said.

"We found that the online hacking marketplace is highly competitive and to succeed these groups have to work hard to attract clients and build up their criminal business."

"They’re using sophisticated marketing to engage customers as well as low-cost trial accounts and even tech support you might find if you were signing up for a new internet service provider."

"The big difference is the service they’re providing is used almost exclusively for criminal acts."

These tactics more closely resemble a business practice playbook than a classic mafia operation.

A growing concern online

Dr Musotto and his colleague from the University of Leeds analysed data on an online organised crime group accused of selling access to an IP stressor that enabled users to launch distributed denial of service (DDoS) attacks.

In this kind of cyber-attack, the targeted website is bombarded with numerous log-on attempts all at once. This clogs up the site’s traffic and leads to all users being denied access, effectively causing the site to crash.

"In this kind of cyber-attack, the targeted website is bombarded with numerous log-on attempts all at once"

Tech firm Cisco last year predicted the total number of DDoS attacks would double by 2023, while the scope and intensity of attacks has increased massively.

Those increases have gone hand-in-hand with innovative new ways for cybercriminals to deploy attacks against organisations. Reports have emerged of cybercriminals demanding payment in bitcoin or other cryptocurrency in exchange for not disrupting businesses online platforms.

More Amazon than Mafia: analysing a DDoS stresser service as organised cybercrime by R. Musotto and D. Wall by R. Musotto and D. Wall is published in Trends in Organized Crime.

Cisco prediction: DDoS attacks will go from 7.9M in 2018 to 15M+ million by 2023.
IT services downtime due to a DDoS attack can cost companies from $300K to $1M+ per hour.

Australia's Cyber Security CRC

The CSCRC is dedicated to fostering the next generation of Australian cyber security talent, developing innovative projects to strengthen our nation's security capabilities.

The CSCRC builds effective collaborations between industry, government and researchers, creating real-world solutions for pressing cyber-related problems. It achieves this by identifying, funding and supporting research projects that build Australia's cyber security capacity and address issues across the cyber spectrum, both technology and policy related.

Cyber Security Cooperative Research Centre, ECU Joondalup Campus
ECU's state-of-the-art facilities provide an ideal learning environment for Cyber Security students.

The CSCRC also undertakes a key public role in cyber security advocacy, providing evidence-based commentary around relevant cyber security issues.

The CSCRC's research focuses on three key areas:

  1. Ensuring the security of critical infrastructure by developing innovative solutions to predict, prevent, detect, and respond to cyber threats from nation states and individuals.
  2. Ensuring industry and the community can access online services with confidence. This will grow Australia's reputation as a safe and trusted place to do business.
  3. Addressing the skills shortage by training the next generation of cyber security professionals.

Be at the forefront.

* Response required

Other research projects