It’s no secret that some computer crime can generate a lot of money. For example, the author of Cerber ransomware relies on an affiliate system to distribute their creation. The malware developer collects only a fraction of the ransom payments, the average value of which usually amounts to around one Bitcoin. But even with just 0.3 percent of victims paying the ransom, the author makes about one million dollars a year off of the affiliate scheme alone.
Clearly, computer crime can be lucrative but just like other forms of crime, it never pays. That’s because people like malware authors and ransomware-as-a-service (RaaS) affiliates are in the business of preying upon and extorting money from unsuspecting users. Their actions are illegal under every definition of law, which means they’re doing “business” on bought time. All it takes is one wrong move, one slip-up. After one mistake, they’ll lose everything and end up in prison.
That’s where a lot of computer criminals ultimately end up.
As part of National Cyber Security Awareness Month (NCSAM) 2016, it’s important that users not only know how to protect against ransomware and other IT security threats. They also need to understand that computer crime is a past time not worth pursuing.
Here are five stories that illustrate that point.
20 Years for Cooperating with the Islamic State
In June 2015, Ardit Ferizi of Kosovo gained administrative access to a computer database that stored the personally identifiable information of tens of thousands of customers, including U.S. military personnel. Ferizi compiled a list of the U.S. service people’s information and handed it over to Junaid Hussain, a former ISIL recruiter. He, in turn, tweeted out a link to the list.
Malaysian authorities arrested Ferizi in October 2015 and eventually extradited him to the US. Shortly thereafter, he made his first appearance in U.S. court, where a judge told the hacker he could face up to 35 years in prison for cooperating with a terrorist organization. Ferizi ultimately received a 20-year prison sentence for his crimes.
Copyright Law Catches Up with Illegal File-Sharing Website
U.S. authorities arrested Artem Vaulin, 30, of Kharkiv, Ukraine in July 2015, and charged him with ownership of Kickass Torrents – one of the world’s most-visited illegal file-sharing website. At its peak, Kickass Torrents was available in over 28 languages and distributed more than one billion dollars’ worth of copyrighted materials.
On the same day authorities arrested Vaulin, Kickass Torrents went offline. The site came back up eventually but amid increasing pressure from web browsers and federal authorities, one of its main domains went up for sale in August 2016.
Malware Group Brought Down by International Law Enforcement
Russian law enforcement arrested 50 members of a malware group that targeted Sberbank, one of the country’s largest banks. The group made off with 1.7 billion rubles (approximately US$25.33 million) from the institution by issuing false payment instructions. They also attempted to steal an additional 2.273 billion rubles, but they failed to do so.
Following their arrest, researchers at Kaspersky Lab determined the malware group was responsible for exploiting website vulnerabilities to infect unsuspecting users with the Lurk trojan. They also linked the group to the Angler exploit kit, whose activity completely dropped off following the arrests.
DDoS Attacks Aren’t Fun and Games. Ask Lizard Squad.
The U.S. Department of Justice arrested Zachary Buchta of Fallston, Maryland, and Jan Willem Van Rooy of Leiden, Netherlands. The two teenagers are believed to have participated as members of Lizard Squad and PoodleCorp, online groups which have run harassment services against unsuspecting users and launched distributed denial-of-service (DDoS) attacks against a number of targets including PlayStation Network and Xbox Live.
For their crimes, both individuals face a maximum sentence of 10 years in prison.
Web Stalker Sent to the Clink for Sextoring Women
In December 2015, Michael C. Ford, 36, pleaded guilty in federal court to nine counts of cyberstalking, seven counts of hacking into a computer with the intention to extort, and one count of wire fraud. His crime? Using his U.S. State Department computer, Ford send out phishing emails to women, stole their personal information, and used those details as leverage to make his victims send over explicit content.
Law enforcement eventually tracked multiple victims’ accounts to Ford’s IP address and arrested him after he attempted to return to London after visiting his parents in Georgia.
As the stories above illustrate, it doesn’t matter if someone’s cooperating with terrorists online, illegally sharing content via the web, developing malware, conducting DDoS attacks, or hacking into victims’ online accounts. Computer crime doesn’t pay, and the law eventually catches up with everyone who preys upon unsuspecting users. That’s because the FBI and other law enforcement agencies never stop looking for those who abuse the web for nefarious purposes.
Users with a high level of technical skills, therefore, have a decision to make. But that choice should be easy: they should disavow the life of a black hat and become members of the information security community.
Interested in learning more about the security field? Click here and here to learn where the industry could take you.