Life on the wild side is often tedious, repetitive, and not altogether lucrative

Those who enter the cybercrime space in anticipation of having an exciting, lucrative career are likely to be disappointed with the more humdrum reality, new research suggests.

High-profile cyber-attacks, such as the 2017 WannaCry ransomware outbreak, 2014 Sony hack, or this year’s compromise of celebrity Twitter accounts to tout cryptocurrency scams, can lend cybercriminality a certain antihero cachet.

However, in the same way that terrorists need to micromanage the mundane aspects of their affairs, cybercriminals have to keep a handle on the less glamorous side of their nefarious activities – often characterized by tedious tasks, repetition, and low pay, academics have found.

‘Unglamorous and tedious’

According to Cambridge University’s Cybercrime Center and the University of Strathclyde, running bulletproof hosting services, operating botnets, or maintaining Distributed Denial-of-Service (DDoS) and stresser services is “unglamorous and tedious work”, with burnout, boredom, and low pay all commonplace.

In a research paper (PDF), academics Ben Collier, Richard Clayton, Alice Hutchings, and Daniel Thomas describe three ‘cybercrime-as-a-service’ case studies and how they might lead to crooks exiting the cybercrime scene.

The research is based on interviews conducted with service operators and ‘staff’, existing case studies, and information scraped from online forums.

The first illicit infrastructure explored was botnets – networks of compromised, slave devices that can be commanded to perform DDoS attacks. Capacity can be sold as a booter service, but as botnets have increased in scope, so has competition.

“Running a booter service often requires substantial investment in customer support work, through a ticketing system or a realtime chat service, when issues arise with payments or with customers failing to understand how to use the service,” the team noted.




The second case study focuses on the Zeus banking trojan. After the source code of Zeus was leaked in 2011, operators began offering subscription-based access in return for additional functionality and customization.

This market requires skilled operators to change the malware’s code according to the specifications of often low-skill clients, and code creation and maintenance, along with constant customer support, can take their toll.

In the third case study, the team examined purpose-built illicit infrastructure, including underground forums and marketplaces. These platforms require a huge amount of administration to run, and at the lower levels, threat actors can be paid as little as $20 per month for screening, curation, and user management, they found.

Missing the point

“I think that for policymakers, one of the key points is that depicting ‘hacking’ as dangerous, risky, lucrative, and highly-skilled not only misses the point (as a lot of cybercrime relies more on boring administrative work) but also is potentially counter-productive, painting a glamorised picture of what is actually quite a dull and low-paid illicit industry,” Ben Collier, one of the report co-authors, told The Daily Swig.

“Focusing on the boring nature of this work (and making it [even] more boring by taking down illicit servers and complicating this administrative work in other ways) might potentially encourage more of these people to leave the cybercrime industry prematurely.”

The report follows the publication on Wednesday (November 4) of similar research that examined the operation and payment systems used by threat actors.

Conducted by academics from Australia’s Edith Cowan University and the UK’s University of Leeds, the paper (PDF) explores the DDoS and booter market and how stresser services are “similar to legitimate e-commerce websites in the way product, price and customers are differentiated”.

