Wednesday, 18 May 2016 18:12

The 'big' business of hacking


Hewlett Packard Enterprise has authored a white paper that exposes some of the business innovation behind the business of hacking. It is well organised and very profitable – well, both HPE and hacking.

Author Kerry Matre says that to win in the marketplace and beat competition your organisation must innovate. Hackers are no different, and there is an entire marketplace out there trying to benefit financially from legitimate business. Understanding the value-chain of this underground economy helps to disrupt it and radically reduce risk.

Matre says, “What we found were mainly mature businesses that look a lot like ours. These organizations are profit driven. They want to use the fewest resources to get the greatest gain. They have clearly defined motivations.”

  • They compete in their marketplace on innovation, on quality, on price…
  • They even have departments like HR, sales, marketing and even customer support.
  • They have finance functions to launder money and even have access to legal resources.
  • It is quite fascinating how similar their organisations are to ours.

Hackers follow the money – hacktivists want revenge

Perhaps for the first time, HPE has put the various forms of hacking into a quadrant chart with the two axes covering potential for payout and effort and risk.

This quadrant shows that ad fraud (hijacking ad clicks or serving fake ads to generate traffic) has the highest returns for the least effort – it's easy. Hacktivism has no return but is also very easy. Ransomware (extortion) is also relatively high on the return scale and of mid-difficulty.

HPE identifies the major risks as:

  • Ad fraud: deliberately attempting to serve ads that have no potential to be viewed by a human user. Attackers set up a page of ads and have bots visit to generate fake traffic. Since it looks like the ads were viewed, the advertising network still gets paid.
  • Credit card fraud: One of the largest headline-grabbing types of internet-based underground crime. It involves either skimming bankcard numbers and PINs from point-of-sale (POS) and automated teller machine (ATM) systems, or stealing data from back-end systems. Attackers make money selling the bankcard information. They can also make money creating physical cards from the stolen information. These enable “card present” and “card not present (CNP)” fraudulent purchases. These purchases are usually for easily sellable assets that can be used as “underground currency.”
  • Payment system fraud/Bitcoin mining: Relatively new to the industry, this type of business involves stealing money through alternative payment systems including PayPal, Apple Pay, and Bitcoin. Attackers make money by stealing money directly or laundering the money once it has been taken.
  • Bank fraud: This older business involves hacking into online banking systems and transferring money from one valid account to another account owned by the attacker. Money can be made through direct funds transfer and commonly via wire transfers, or by selling network and vulnerability information about the bank system. These types of businesses often incorporate in specific regions of the world, to inhibit or elude investigation and interdiction.
  • Medical records fraud: This usually involves stealing personally identifiable information (PII) from electronic medical records, health information exchanges, and other health systems. The data is then sold for insurance fraud or identity theft purposes. Since this type of attack is newly emerging and some international attacks have been reported, it is likely that new forms of fraud will occur over time.
  • Identity theft: This involves stealing information about individuals' identities. Attackers make money by selling this information, including addresses, social security numbers, and credit information. The stolen information can be used to open lines of credit or to create other identities for use in other businesses listed above or simply as currency for the underground marketplace.
  • Credential harvesting: This involves stealing user names and passwords, often via phishing emails containing links that serve a fake but seemingly legitimate webpage and capture user credentials for banking sites, etc. This information can then be sold to those involved in the businesses listed above. More often, these credentials are stolen in database thefts and then the dumps are sold in the underground.
  • Bug bounty: Identifying application vulnerabilities has become a lucrative business with its own marketplace and players. Vendor and third-party programs (the ZDI, Bugcrowd, Microsoft®, United Airlines, etc.) operate in the white market to remediate vulnerabilities before they are exploited in the wild. Grey and black markets purchase vulnerabilities and full exploits for private use, often weaponisation (black) or to spy on private citizens suspected of crimes (grey).
  • Extortion: This often targets higher-level employees or systems and datastores. Ransomware, installed on a system, prevents users from accessing their systems by either locking the computer screen or encrypting files with a password. The attacker demands a ransom in order to release the files. The ransom values may vary, ranging from US$500 to US$50,000 or even higher.
  • IP theft: This involves stealing intellectual property. Such activity has been seen in the electronics industry (cell phones, tablets, etc.), as well as in the defence industry (war planes, weapons, etc.). It has even been seen in the entertainment industry (movies, software, etc.). Attackers make money by being “employed” to infiltrate the organisation in order to obtain access to the targeted intellectual property and sell it to the target’s competitors.

Then there are the five main types of hackers.

Hackers also have SWOT moments

The 20-page free report (registration required) is interesting reading. There are many more insights into the nefarious, recidivist, hacker psyche.

I will skip to the summary:

The business of hacking is a business just like ours. If we think of it like a business, like a competitor, then we can prioritise the most effective efforts to disrupt it.

All enterprise security technologies are intended to slow attackers in some way, with varying degrees of effectiveness. Some are effective at deterring opportunistic attackers (patching) but are ineffective with targeted attackers. Others are successful at reducing attacks of one type (EMV chip and pin credit cards), but lead attackers to move to alternate attack vectors (mobile payments). It is our duty as a legitimate enterprise to introduce these technologies to disrupt the business of hacking on a continuous basis. It is critical that an enterprise determine which technologies will be most effective at disrupting the adversaries targeting their unique business.

Ray Shaw


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!
