A New Era in the Business of Digital Crime
The idea of digital crime as a business is intriguing to me. I was reading an article from Imperva on Ransomware as a Service or RaaS. Perhaps we are starting to see a new shift in doing business and entrepreneurship. The name of the new game is the business of digital crime. In the Imperva article, the kid (or more accurately he claims to be a teen) who created the first RaaS is described almost like an entrepreneur. He is ignited with passion on an idea and he starts frantically working on it. He keeps iterating it until he gets a MVP. He goes out and proves traction and gets customer feedback and continues his hacking and iteration. Finally, when it is done, he launches it to the world. The only difference is that his intention was not to save the world but rather to empower criminals.
The business of crime is growing and many of us in due time will become a victim. When tools and platforms are build to target the innocent, they will fall prey. These naive people may be fun to laugh at at first. You say to yourself I am too smart to become a victim but when they are those close to you, their carelessness will stumble you too. They get hacked and your home network is compromised, the viruses and malwares will in no time come after you when you least expect. More interestingly, tools that were build for good intentions have now become tools to aid crime. Tor, encryption, bitcoin and etc these tools have now become a safe haven for criminals to digitally hid themselves and conduct their new businesses in the comfort of their own dark caves.
Another article that I read recently also exemplifies this new era of crime businesses. This one is from CloudFlare and it talks about criminals scaring enterprises to pay a ransom or face a DDoS. Even though the actual criminal threat was fake, businesses still paid up. In the CloudFlare article, the criminals are noobs who did not even ensure that they could figure out who paid them and who did not. Their main intention was obviously to make a quick buck by playing chicken with the enterprises that they were targeting. Indeed, fear is a powerful tool for criminals who conduct these new type of business ventures. Again the concepts employed are very startup like. In this case, it is about selling an idea even when you do not have an actual prototype of MVP. The technique used is to understand your customer persona well (think lean business canvas) so that you know with high certainty if they will pay up. You know that you have a viable business model when the money starts coming in and you can then quickly capitalize on the pain points.
In our new era of startup criminal-preneurship, we need better tools and technology to fight these criminals. No longer can we afford to sit and wait to be the next victim, we need to take a proactive approach to squashing digital crime. When profitability is high, you can be sure that criminal minds will gravitate towards it like shit attract flies. Businesses will spring out of greed and fast money if we are not prepared to fight and manage it. My personal prediction would be that digital spam (eg email spam, web traffic spam) will become the window to this fight. Just like fever is a symptom to our body when it is fighting an infection, digital spam will become a symptom to higher crime activities in the digital world that we all know as the Internet. Want to know why my prediction is focused on spam, read more about my thoughts here.
Originally published at blog.malleablebyte.org on April 27, 2016.