Illegal online markets generate half of cybercrime revenues

A booming cybercrime economy is netting at least $1.5trn in illicit profits every year from activities such as illegal online markets and theft of intellectual property, a new report reveals.

Delving into the murky cyberworld of revenue flow and profit distribution, the report titled Into the Web of Profit “exposes a cybercrime-based economy and the professionalisation of cybercrime”, with profit generation equivalent to the gross domestic profit of Russia.

The study by Dr Michael McGuire, senior lecturer in criminology at the University of Surrey, established that some $860bn of profit was generated from illicit online markets selling illicit products such as drugs, counterfeits and counterfeit-producing equipment, $500bn was made from the theft of trade secrets and intellectual property, and $160bn was earned through data trading of stolen data from debit and credit cards. Meanwhile, Crimeware-as-a-Service netted $1.6bn and ransomware brought in $1bn.

However, the report noted that these estimates on revenue generation were conservative.

“Illicit and illegal online markets are now the most lucrative cybercriminal form of revenue generation, constituting over 50 per cent of total revenues, while theft of trade secrets and other IP constitutes around 35 per cent of cybercrime revenues,” the report said.

Meanwhile, other figures in the report suggest that content theft websites make close to $227m in advertising revenue alone with overall revenues of around $4.4m annually, and individual criminals can make up to $521,000 a year selling streaming devices that provide access to film, television and other pirated content.

The report stated that individual earnings from cybercrime are now, on average, 10-15 per cent higher than most traditional crimes, with high-earning cybercriminals making $166,000+ per month.

The report also pointed to the emergence of “platform criminality”, which mirrors the online platform capitalism model used by companies such as Amazon, Uber, Google and Facebook, where data is the commodity.

In cybercriminal terms, the platform model generates revenues in two forms: through the exploitation of legitimate platforms – such as using Amazon to peddle counterfeits – and through the creation of new types of illicit platforms, such as dark web sites trading stolen data, illicit drugs or hacking services.

“The main contribution of platforms is to connect individuals with a service or product. The platforms produce nothing themselves in this process, but the end-user consumers provide platforms with the most precious of all commodities within an information-based economy – their data. We are now seeing the same thing in the cybercriminal underworld,” the report said.

The research also highlights that cybercrime is a system or an economy, rather than a business, with the various players all interconnected or hyper-connected. Furthermore, there is now a growing interconnectedness and interdependence between the illicit and legitimate economies, which is generating a web of profit, the report said.

“This system is dynamic and evolving and one of its key driving factors is revenue generation and ultimately profit. Understanding revenue generation and its flows not only offers a different way in which our knowledge of cybercrime can be enhanced, but by better understanding revenue structures and their flows, new options can be developed for controlling it.”

The research was commissioned by brand security firm Bromium. “The walls between the criminal and legitimate worlds are blurring; we are not simply dealing with ‘hackers in hoodies’, we are tackling an economic ecosystem that enables, funds and supports criminal activity on a global scale – from drug trafficking to terrorism,” said Gregory Webb, chief executive of Bromium.

He added: “The findings of Dr McGuire’s research provide shocking insight into just how widespread and profitable cybercrime has become. The platform criminality model is productising malware and making cybercrime as easy as shopping online. Not only is it easy to access cybercriminal tools, services and expertise: it means enterprises and governments alike are going to see more sophisticated, costly and disruptive attacks as the web of profit continues to gain momentum… By gaining a better understanding of the systems that support cybercrime, we think we can better understand how to disrupt them.”

Related articles:

     Want our news sent directly to your inbox?

Yes please 2


Home  |  About us  |  Contact us  |  Advertise  |  Links  |  Partners  |  Privacy Policy  |   |  RSS feed   |  back to top