Hacking, Incorporated
May 6, 2008
For some time, it has been commonplace that hacking and writing
malicious code have become big business. Still, the evidence that
continues to mount for this reality can surprise and even amuse us, as
some recent examples demonstrate.
- An article
in "Dark Reading" describes some of the sophisticated techniques
being used by malware authors, including reputation management
systems, third-party advertising and sales, post-sale support, and
subscription services.
- No self-respecting business these days would try to get by
without a sophisticated business model, and Hacking, Inc. is no
exception. A recent article
in "Security Hit Man" talks about one of the latest business models
being used: breaking into business systems to obtain inside
information that allows the hackers to make money on the stock
market. Insider trading—from the outside!
- Like other businesses, hacking is subject to business
cycles. "These are hard economic times for all, including, it would
appear, for identity thieves," begins a recent report,
which goes on to reveal that stolen credit card numbers in batches of
500 are now going for a total of $200, or 40 cents each—less than
half of what they were going for in the first half of 2007. Cyber
criminals are having to resort to business strategies like volume
discounts to keep up their revenues in the face of this recession. The
report also notes that in parallel with the dollar, the price on
American identities have fallen to the point where European identities
are on average worth 150% more.
- Finally, Ars Technica reports on what must be the ultimate
in hacking impudence: malware authors that are now protecting
their work with EULAs (End User License Agreements). Joel Hruska
points out the irony of this situation: "It's obviously difficult for
the manufacturers of an illegal product to threaten legal sanctions
against an infringer, but the Zeus authors give it their best
shot. According to the EULA, 'In cases of violations of the agreement
and being detected, the client loses any technical support. Moreover,
the binary code of your bot will be immediately sent to antivirus
companies.'"
One can only wonder what will come next. Government bailouts for
bankrupt spamming companies? Stock market listings for the Malware is
Us Corp. (symbol: MIUC)? Regulations requiring malware authors to be
professionally certified?
