The ruthless world of cyber crime

You wake up at 17, ready to start your daily routine. You’re a criminal who works at night, robbing stores, kidnapping people, and reselling stolen jewelry. You do some research on which stores to rob, and off you go. You break into places, steal money, and sometimes you face the owner of the store you are robbing. He’s scared, he’s old. He stands no chance against your weapon, he can’t do anything about it. He knows if you take his money, he won’t be able to keep running his business. His sick son won’t be able to afford his medication. You look him in the eyes, with a gun in your hand. You take the money and leave. You don’t care. You just need more money for that fancy car you wanna buy.

There are people in this world who can easily do this. But there are also many who won’t go through with it. When facing the old man, they will feel a pain in their stomach, knowing that they’re hurting him and his family, just so they can get a new car. They wouldn’t do it.

Now, what if you could take this human factor away? What if you never had to face the old man, but were still able to rob his store, and without the risk of getting caught? If you take away this factor, it’s much easier for people to do this. They do not have to face their victim. It’s easier that way.

This is exactly what happens in cybercrime. Actually, it’s even worse, because you can target a global organization with hundreds of sites around the globe, and rob them all at once, without ever facing anyone. You can do that from your couch at home, drinking beer and eating popcorn while distractedly watching a movie on the TV in the background. You can buy powerful weapons without having to show an ID. You can even brag about your hits without exposing yourself. The police won’t get you. No one can actually do anything, unless you really mess up and leave obvious traces. But really, you just need to follow some tutorial on YouTube to make sure it will be practically impossible to catch you (in most cases).

We see this almost every day. Companies call us when their entire infrastructure is compromised. Just like the store owner calls the police from the parking lot, watching his store burning after the robbers set it on fire when he refused to pay protection money. Yes, sure, we put together the team and we run and help and investigate and rebuild and eventually bring them back on their feet. But it hurts. It hurts knowing that they never stood a chance. With all their legacy systems and their complex and dysfunctional organization, while the attackers only had to run some scripts. It’s like breaking into a retirement home with a rifle, stealing everything, and destroying the walls on the way out so the wolves can run in and finish the job. It’s vile, despicable, disgusting.

And I think that if you took these people and put them in front of their victims and the consequences of their greed, many of them would collapse in shame. But they’re safe behind their monitors and will never have to see that.

We live in a world where you can run advanced criminal operations with the click of a button. Our threat intelligence operations show that professional cybercriminal groups have sophisticated, efficient, and automated infrastructure, and consolidated methodology, tools, and techniques. And the whole business model behind the attacks is also surprisingly advanced. As the NSA chief recently stated, this is the “greatest transfer of wealth in history”. And it’s happening silently, behind the scenes. Most of the attacks we investigate are never revealed to the public.

We need to start taking action at higher levels and on a larger scale. I don’t have a solution in mind right now, but something needs to be done. In the meantime, we will keep fighting the cyber criminals, helping affected organizations, and working hard to defend, detect, and respond to attacks.

This is only the beginning. Keep fighting!


By Fabio Viggiani

Fabio is the technical lead of Truesec Security Team. He leads advanced Incident Response missions, and has extensive experience in Red Team assignments as well as traditional penetration tests.

He also works closely with Truesec Security Operations Center, focusing on Threat Hunting and detection.

This gives him strong insight into the current threat landscape and the latest attacks and detection techniques.