by Marc Goodman
As it turned out, the founders of Innovative Marketing chose to locate their company in Ukraine not just because technical talent was cheap but because authorities asked few questions and law enforcement cooperation was easily purchased. There young workers, like twenty-year-old “Maxim,” a former programmer for Innovative Marketing, admitted that frequent bonuses made it easy to ignore the ethical implications of the company. “When you’re just twenty, you don’t think a lot about ethics,” he added. As for the company’s founders, Messieurs Jain and Sundin, they are under indictment for their activities, wanted by both the FBI and Interpol. They were able to flee, however, to safe havens before they could be arrested, and their whereabouts remain unknown.
With their hundreds of millions of dollars stashed in secret bank accounts around the world, these Internet entrepreneurs achieved what most Silicon Valley entrepreneurs only dream of: a successful exit for their start-up. Though no longer in operation, Innovative Marketing was probably one of the most lucrative techno-centric criminal operations ever known. It is, however, by no means the only one. An estimated thirty-five million PCs worldwide continue to be infected with these rogue antivirus programs every month, putting $400 million a year in the hands of the remaining global cyber-crime syndicates. Welcome to the world of Crime, Inc.
The Cyber Sopranos
You been reading a lot of stuff about “Crime don’t pay.” Don’t be a sucker! That’s for yaps and small-timers on shoestrings. Not for people like us.
JAMES CAGNEY, IN ANGELS WITH DIRTY FACES
Crime is big business and the United Nations estimates that transnational organized crime rakes in more than $2 trillion a year in profits. The money comes from the narcotics trade, intellectual property theft, human trafficking, counterfeit goods, child pornography, identity theft, wildlife smuggling, and of course cyber crime. In total, organized crime is believed to account for up to 15 to 20 percent of global GDP. Consider it the world’s largest and most illicit of social networks, a constant cycling and recycling of people and contraband goods, spanning the globe, in operation twenty-four hours a day, seven days a week. Thanks to Hollywood, most of us have images of prototypical gangsters in mind when we think of organized crime, including mob bosses such as Tony Soprano, Vito Corleone, and Tony Montana. Today’s modern criminals, however, have mostly forgone the hierarchical structures of days gone by in favor of modern corporate organizations. Capos, dons, and lieutenants have been replaced with local, just-in-time, outsourced, ad hoc criminal networks that rapidly assemble and re-form to exploit any potential illicit opportunity.
Modern times call for modern crimes. As a result, the Tony Sopranos of the world have built and nurtured a much more powerful, far-reaching, increasingly profitable, and technologically competent criminal workforce. To this end, traditional crime groups—such as the Cosa Nostra (Italian Mafia), Japanese Yakuza, and Chinese Triads, as well as the Russian and Nigerian mobs—have all opened cyber-crime divisions to take advantage of the high-reward, low-risk profits available to them in a globally connected world. Cyber crime is borderless and offers great anonymity. Moreover, prosecutions are exceedingly rare, perhaps occurring in less than one one-thousandth of 1 percent of all cases.
The second major trend leading to the explosion in organized cyber crime has been the professionalization of hackers themselves. Their modus operandi has changed significantly since the good old days of the 1980s, when most hackers were tinkering with computer systems out of curiosity or to prove their own technical prowess. Hacking is no longer ruled by pimply teenagers wreaking havoc from Mom’s basement; in fact, today more than 40 percent of organized cyber criminals are above the age of thirty-five. Long ago, individual hackers figured out there was money to be made in subverting technology, and criminal hackers such as Albert Gonzalez were born. They realized it was possible to earn a good living by illegally breaking into the computer systems of others. Over time, word got out, and soon hackers were unifying around the world in underground networks, collaborating, and competing for criminal profits.
Hacking became a fully monetized activity, and the shift from hacker hobbyists to for-profit criminal hacking gangs was complete. New transnational cyber-crime syndicates, such as the Russian Business Network, ShadowCrew, Superzonda, and of course Innovative Marketing, were established to meet the wide-ranging opportunities in next-generation crime. And business is booming. As if the threat from individual hackers’ stealing credit cards and Mafia thugs’ breaking kneecaps weren’t bad enough, today traditional organized crime groups and highly talented hackers have united to combine forces, and the results for the general public and business are disastrous. While historically perhaps 80 percent of hackers were independent freelancers, today the opposite is true. According to a 2014 study by the Rand Corporation, a full 80 percent of hackers are now working with or as part of an organized crime group.
The Rand findings remind me of the great scene from the 1980s film Ghostbusters in which Bill Murray, Harold Ramis, and Dan Aykroyd have armed themselves with “proton pack” weapons to defeat the ghosts who have invaded New York City. At one point in the film, Ramis advises his two co-stars, “There’s something very important I forgot to tell you … Don’t cross the streams of your weapons … It would be bad.” Murray asks, “How bad?” Ramis replies, “Try to imagine all life as you know it stopping instantaneously and every molecule in your body exploding at the speed of light.” Murray’s response is deadpan: “Okay, that’s bad. Thanks for the important safety tip.” Borrowing from Murray and Ramis, our online and off-line worlds are converging, proverbial criminal “streams” are crossing, and we are now entering the great age of digital crime. In this new realm of digital criminality, hackers and old-school gangsters have joined forces in a modern “Legion of Doom” focused on leveraging technology to the fullest extent possible to maximize their power and profits at the expense of you and me.
This criminal exploitation of technology is nothing new, per se. When most cops were on foot or horseback, Chicagoland gangsters began using automobiles for their getaways. When the average patrol officer was issued a six-shot revolver, George “Machine Gun” Kelly was using automatic weapons. Drug dealers were the first major demographic after physicians to use pagers and had access to mobile phones long before any police officer was using them. Technology makes crime more efficient and so criminals are perpetual early adopters of all things tech.
Outlaws have proven particularly adept at using and exploiting technologies created by others and co-opting them for their own purposes, always on the lookout for new opportunities. Just as smart phones with Internet connectivity were coming into fashion, organized crime groups in Mexico City began using them for research purposes. What were they researching? Whom to kidnap, of course. As wealthy executives landed at the Mexico City International Airport, there was a smorgasbord of potential kidnap victims, but criminals wondered which companies might pay the largest ransom (greatest ROI) to get their executives back? Such a difficult thing to know; that is, until the smart phone came around.
Organized crime teams deployed at the airport had stationed themselves in the arrivals area, next to baggage claim, where rows of smartly dressed chauffeurs waited for the business travelers who had reserved their services. Each chauffeur carried a large cardboard sign with the name and company of an expected passenger—Mr. Smith from Merck pharmaceuticals or Ms. Jackson from Goldman Sachs, for example. The criminal gangs at the airport used the information on the chauffeurs’ signs to Google the executives on their smart phones and determine their corporate positions and net worth. Once they had found the biggest fish, kidnappers merely approached the chauffeur holding the most profitable sign and paid him to get lost, or else. A substitute criminal chauffeur kept the sign taken from the legitimate driver and held it calmly, awaiting his mark. The trap had been set and the deplaning executive walked right into the arms of the faux chauffeur, all because a cardboard “screen” had been hacked. Seve
ral executives were kidnapped and others killed using the smart-phone research technique.
Whatever the technical innovation, criminals are quick to adapt, either by mimicking legitimate Internet start-ups or by abusing their services. Borrowing a page from Uber, the ride-sharing phone app that connects crowdsourced drivers to passengers, a woman in the U.K. created her own SMS vehicle-on-demand service—for getaway cars. Sensing a market need by criminals without wheels, Nicole Gibson of Londonderry created a real-time “text a getaway driver” service to help robbers make a clean escape with the goods they had stolen from homes and businesses along the Irish border. In San Francisco, drug dealers in Dolores Park began using Square, a small white plastic device that connects to the iPhone and allows anybody to accept credit card payments, enabling hipsters who eschew cash to charge their ecstasy and pot. In New York, prostitutes tired of the cameras and overly inquisitive doormen at chic Manhattan hotels have turned to Airbnb to rent apartments for their trysts. The prostitutes pose as students or tourists, and the unsuspecting New Yorkers who rent their apartments have no idea their own beds are being used to entertain multiple clients and to host orgies. One escort service claimed it was saving “a fortune” by using Airbnb. “It’s more discreet and much cheaper than The Waldorf,” said a twenty-one-year-old sex worker. Whatever the technology or Internet service, criminals are there at the earliest stages, innovatively turning the newfangled tools to their advantage.
Crime, Inc.—the Org Chart
On the home page of Innovative Marketing’s Web site, it, like many Internet businesses, had helpfully included both an “About Us” and “FAQ” section for visitors to their site. Those who clicked “About Us” learned that “Innovative Marketing has been working hard to develop several products that help the consumer adapt to the change technology brings.” That’s one way to put it. No doubt had it written, “Innovative Marketing works hard to rip off people around the world by tricking them into believing they have a virus and duping them into paying $49 to remove something that doesn’t exist,” fewer people would likely have purchased its product. While organized crime groups themselves are not forthcoming about their actual structure and business practices, a variety of undercover operations, law enforcement sources, and cyber-security intelligence firms have shed light on their business structure and organization, which are presented below.
Surprisingly, the org chart of Crime, Inc. would look remarkably familiar to anybody in the traditional corporate world. It’s part Peter Drucker mixed with the latest cutting-edge business practices taught at Wharton or Harvard Business School. While there are elements of the digital underground that are not purely motivated by profit, such as hacktivists, Crime, Inc. is first and foremost about the money—shareholder value, if you will. These criminal enterprises go to great lengths to ensure their sustainability and as such are almost exclusively located in jurisdictional safe havens, places with weak governments, unstable political regimes, and police forces willing to look the other way, for a fee of course. Within these criminal syndicates, there are divisions of labor, supply chain management, department heads, outside consultants, and team deliverables. To understand the power and professionalism of Crime, Inc., we must first and foremost take a look at its org chart in order to deconstruct the modern criminal organization. Here are the most common roles and responsibilities based on undercover research:
CHIEF EXECUTIVE OFFICER
The CEO of any criminal enterprise is responsible for decision making and overseeing operations. He, like most traditional entrepreneurs, comes up with the “big idea” and provides the seed capital to see it through. He is often a “people person” and well connected to other elements of the criminal world and serves as the convener who assembles the right team of criminals to carry out any task. He is usually not deeply technical but hires others with the required coding and hacking skills to carry out his vision. The criminal CEO is not involved in any day-to-day dirty work or cyber attack that might be traced back to him. He sets goals and targets for his staff and oversees the distribution of criminal proceeds, especially at bonus time. The CEO is supported by a leadership team, including other C-suite executives.
CHIEF FINANCIAL OFFICER
The CFO keeps track of key crime syndicate metrics, including how much crimeware has been sold, how many accounts have been hacked, and what their balances are. He will use commercial business process tools, including financial reporting systems and databases to handle accounts payable (to crime contractors) and payroll for the criminal workforce. He also maintains a sophisticated network of clandestine financial contacts for purposes of money laundering, is responsible for managing front-company merchant accounts, and oversees global transactions in a variety of currencies, including online-payment service companies that eschew any “know your customer rules,” such as Liberty Reserve.
CHIEF INFORMATION OFFICER
The CIO keeps the computer infrastructure of Crime, Inc.’s enterprise up and humming. He maintains so-called bulletproof untraceable computer servers and contracts with crooked Internet service provider hosting companies to ensure his crimeware remains beyond the reach of global law enforcement. The CIO helps maintain “customer” databases and botnet armies and is responsible for information security, including the management of “proxy networks” that preserve his employees’ activities and ensure that they cannot be traced. The CIO also handles the encryption of corporate criminal data, ensuring it is unreadable and unusable by either the authorities or competitor criminal hacking organizations.
CHIEF MARKETING OFFICER
As many legitimate businesses have learned, having a great product is often not enough. Profits depend on a company’s (or criminal enterprise’s) ability to effectively promote its goods and services. As such, marketing executives help design effective advertising copy and provide it to criminal affiliate networks for distribution throughout the digital underground.
MIDDLE MANAGEMENT
These operational managers are often recruited through long-term friendship, proven in crime and blood over extended periods of time. They are responsible for managing the greater criminal workforce as well as command-and-control networks that carry out the organization’s criminal technical operations.
WORKER BEES/INFANTRY
These are the ground forces in the war for crime, the equivalent of street corner dope dealers. They work with other elements of Crime, Inc. to help distribute malware via infected links, PDFs, and compromised Web sites. They will also break CAPTCHAs (those squiggly word designs that humans must type into a box to prove we’re human) and help deploy credit card skimmers in retail stores and on ATM faceplates.
RESEARCH AND DEVELOPMENT
As with most enterprises, the way to stay ahead of your competition is through cutting-edge research and development (R&D), and crime syndicates are no different. The R&D department is constantly on the lookout for the latest exploits in desktop software, mobile apps, and networking systems—opportunities that can be monetized by the rest of Crime, Inc. In addition, the R&D teams can handle particularly difficult customized coding as required to go after particular targets or systems.
CODERS, ENGINEERS, AND DEVELOPERS
These are the technical brains of the criminal outfit, and they are the key ingredients to any online criminal enterprise. These techies must develop the computer code and software programs that will infect other systems. They build Web sites and write the bulk of crimeware, ransomware, and scareware, including fake antivirus programs, to be distributed by the criminal network’s operatives. These are the people who write the exploits and malware that infect and attack the world’s information systems. Of course, before their code is released, it must first pass through quality assurance.
QUALITY ASSURANCE
The QA team is key to the success of Crime, Inc. It ensures the encryption shells in which the coders’ malware is hidden are good enough to bypass current security systems, such as antivirus soft
ware and firewalls. The QA coders test all crimeware against known antivirus definitions to ensure their malware can avoid detection prior to its release. Tools such as avcheck.ru and Scan4You.net allow these teams to evaluate the possibility of detection by eighteen of the most popular antivirus programs. Importantly, these anti-detection models are updated daily and are fully automated. Criminal QA testers can even sign up for notifications to let them know when some of the prior malware authored by their coders has been identified as a threat by security firms. These alerts allow the coders to rapidly update and modify their malware so that it again becomes undetectable and business marches on.
AFFILIATES
Affiliated marketing, as noted previously, is incredibly popular and profitable in the online world. Commonly used by Amazon.com and others, it pays affiliates based on the number of customers they bring to a given retailer. Affiliate networks form the very backbone of the cyber-criminal enterprise and many of the very best are located in Russia. These so-called Partnerkas work day and night to drive as much traffic as possible to the Web sites of their criminal partners. These low-level criminals handle product placement, whether the product be fake antivirus software, child pornography, Rolex reproductions, or counterfeit Viagra. The affiliate’s role is to introduce the criminal merchant to the unsuspecting consumer. Partnerkas spread their schemes via spam in e-mails, chat forums, blog comments, social media, and SMS messages. Crime, Inc. pays affiliates per click or per install each time an affiliate drives traffic to the criminal enterprise or when malware is downloaded to a victim’s machine. Active criminal affiliates can easily earn $5,000 a day, with some clearing $300,000 a month. Hysterically, crime bosses advise affiliates on their underground Web sites that “the use of spam or other illicit methods of machine infection are strictly prohibited.” That’s right, Crime, Inc. too has adopted terms of service and end-user license agreements to protect itself and deflect any claims of criminal culpability against the C-suite executives.