In a town built on the sorrows of gamblers, everyone is looking to make a buck in Las Vegas. At the Interop networking conference last week, researcher Chet Wisniewksi of Sophos, explained how hackers can make millions from unsuspecting and naïve users.
Wisniewksi’s talk at Interop was all about explaining the economic ecosystem that drives cybercrime and how the different gangs exploit people. In his view, hacking for money is likely the most dominant form of attack today.
“We know that the vast majority of attacks are not related to APTs (Advanced Persistent Threats), the vast majority is opportunistic malware,” Wisniewksi said. “How do I make a buck off some poor suckers, whether it’s tricking them with a drive-by, or getting them to click on something, the whole point is to monetize.”
In Wisniewksi’s view, the way to make millions as a hacker is not necessarily just about the hacking exploits. The way to make the most money is by way of having a partner affiliate network.
“To be the king of the criminal amway if you will, is the most profitable place to be,” Wisniewksi said.
As an example, for fake anti-virus software, the distributor creates the files and the download site. The distributor creates a reseller or markup model for affiliates, as well as taking a piece of revenue from any new affiliate that gets signed up, in classic multi-level marketing fashion.
“You want to widen the network and build the pyramid,” Wisniewksi said. “We see the affiliates, making $150,000 a week, that means the people running he pyramid are making very large sums.”