Cybercrime’s New Business Model

Cybercrime’s New Business Model

BY JASON PRINT, CFP®, CO-PRESIDENT & CEO | APRIL 5, 2018

BY JEFFREY JANSON, CFP®, AIFA®, SENIOR WEALTH ADVISOR

The evolution of cybercrime in recent years has less to do with hacker’s technical tools and everything to do with a new business model.

In 2007, when hackers stole 45.6 million credit card numbers from T.J. Maxx servers, it catapulted this issue of “cybercrime” to national prominence and directly affected the lives of 13 out of every 100 Americans.

Even more recently, the Experian data breach that occurred in the fall of 2017 caused some level of personal financial data of over 143 million Americans to be exposed! This is over 44% of the population of the U.S. that was affected by the Experian data breach!

While data breaches still occur regularly, over the last ten years law enforcement has made significant strides in prevention. Credit card companies are getting better at detecting the breaches earlier and replacing consumer’s cards as needed. Payment networks have adopted microchip enabled cards that render the transaction data on the card worthless to cybercriminals.

The biggest shift that has occurred in the last ten years is that it has gotten less profitable to sell stolen credit card information to those who would use the data to commit fraud.

In fact, the price of stolen credit card information on the black market has dropped from $25 in 2011 down to $6 in 2016. It seems even the world of cybercrime is not immune to the law of supply and demand.

In response to the shortage of buyers in the marketplace for the stolen data, criminals have changed their business model to find a new way to monetize their plundered data – namely, they have started selling stolen data back to its original owner.

This represents quite a contrast to former “business practices” where a hacker would steal a huge cache of credit card data and then sell the data to other criminals who would then use it to manufacture fraudulent credit cards overseas. These cards would then be brought back to the U.S. to be sold, in order to avoid triggering fraud alerts from foreign-based purchases.

Each stage of the process exposed criminals to the risk of getting caught. While finding a way into computer networks is still relatively easy, it is the current market forces of supply and demand that have driven criminals to their new approach: Ransomware.

Ransomware is a form of malware that someone mistakenly downloads to their computer network which allows the hacker to encrypt the data on your hard drive and hold it for ransom. This approach solves several problems for criminals.

It is fairly easy to implement; in fact, just about any first-year computer science student could do it. It takes data that is essentially worthless in today’s data resellers market and sells it to the person for whom the data has the most value – its original owner.

The crime also tends to go largely unreported. All this explains why the use of ransomware is becoming increasingly common.

So, how can you protect yourself against ransomware? In a word: Vigilance. Be exceptionally careful when downloading anything to your hard drive.

Be wary of clicking on “pop-ups.” If you did not initiate the request for a download, then do not click on the link. Even if you did, be vigilant to make sure the link appears to be from a legitimate source.

You would be surprised how often hackers misspell words! It is also a great idea to back up the data on your computer on a predetermined regular basis. This can help minimize the damage of data loss if it can easily be recreated.

So if your data is kidnapped, can you trust that the hacker will return it if you agree to pay the ransom? It is truly a coin toss. Possibly the only way to put a dent into the profits of cybercriminals is to organize a concentrated campaign to stop people from paying for kidnapped data.