Support 100 years of independent journalism.

Malware: On sale for the price of a pint on dark web

Cyber crime is accessible even to those with only basic IT skills, according to a new report.

By Jonny Ball

The dark web has made cyber crime accessible even to those with only “rudimentary” IT skills, with malware available to buy for less than $10, around £8.50, a new report by forensic experts Forensic Pathways and security platform HP Wolf Security has found.

The dark web – a group of websites only accessible via special routing software, usually Tor – gives cyber criminals “an anonymous online environment” where they “can collaborate, organise, hone their skills and establish illicit shops”, the report says.

The early hacking subcultures of the 1990s, in which participants would often compete purely for the prestige of demonstrating their technical prowess, have receded and given way to a for-profit free-for-all of “DIY cyber crime” kits and for-sale malware, the report’s authors claim, dramatically lowering the skills level needed to engage in cyber crime.

“Back in the day you had to figure stuff out yourself and show off what you could do technically to be noticed,” said Michael Calce, HP Security Advisory Board chairman and former hacker. “Today, only a small minority of cyber criminals really code – most are just in it for the money, and the barrier to entry is so low that almost anyone can be a threat actor.”

In 2000, Calce, then a young teenager using the pseudonym “MafiaBoy”, launched a series of high-profile denial-of-service attacks against large online companies such as Yahoo, Amazon, Dell and Ebay. Yahoo, then the world’s most popular search engine, was sent offline for an hour. Now working as a security expert, Calce says the monetisation and spread of ransomware is “bad news for business”.

Select and enter your email address Quick and essential guide to domestic and global politics from the New Statesman's politics team. A weekly newsletter helping you fit together the pieces of the global economic slowdown. The New Statesman’s global affairs newsletter, every Monday and Friday. The New Statesman’s weekly environment email on the politics, business and culture of the climate and nature crises - in your inbox every Thursday. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A newsletter showcasing the finest writing from the ideas section and the NS archive, covering political ideas, philosophy, criticism and intellectual history - sent every Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.
THANK YOU

[ See also: How ransomware shut own an English council ]

Content from our partners
Why public health policy needs to refocus
The five key tech areas for the public sector in 2023
You wouldn’t give your house keys to anyone, so why do that with your computers?

Many criminals have now shifted from online fraud to data denial and destructive attacks, supercharged by the dark web and aided by the emergence of cryptocurrencies like Bitcoin. These have given hackers new, difficult-to-trace ways of monetising and laundering money from ransomware scams. Cyber crime has followed a trajectory towards “service and platform business models”, the report says, becoming much more efficient and targeted. “The cyber crime economy,” says Mike McGuire, senior lecturer in criminology at the University of Surrey, “has shifted from sole traders to mass production in less than 25 years.”

The cyber crime world has grown very sophisticated, according to the research, with 77 per cent of online marketplaces requiring a vendor bond, or license, to sell, and 92 per cent offering a third-party dispute resolution service. All marketplaces provide Amazon-like review and rating services. More than three-quarters of malware adverts listed cost under $10, the report says.

“Unfortunately, it’s never been easier to be a cyber criminal. Complex attacks previously required serious skills, knowledge and resource. Now the technology and training is available for the price of a gallon of gas. And whether it’s having your company and customer data exposed, deliveries delayed or even a hospital appointment cancelled, the explosion in cyber crime affects us all,” says Alex Holland, senior malware analyst at HP and author of the report.

The National Cyber Security Centre’s 2021 annual report noted that 39 per cent of all UK businesses reported a cyber attack in 2020-21. And private companies aren’t the only victims – in 2020, Hackney council estimated it would cost £10m to recover from a serious breach that affected local service delivery.

[ See also: In the cyber war between Russia and Ukraine, media companies are under threat ]

Topics in this article: , ,