Cyber-criminals are realising there's plenty to learn from legitimate business

Cybercrime has grown up. It is now a multi-billion dollar industry bigger than most “traditional crime” and on par with many traditional, non-criminal industries.

The rise of Cybercrime-as-a-service has made hacking easier and more business-like than ever before. Organised cyber-crime gangs have become far more professional and troublesome than any bored lone-wolf. Cyber-criminal markets even do Black Friday-like deals now.

But despite growing up and becoming more organised, it’s still the internet, and trust is always at a premium. According to one Microsoft Research paper, “ever-present rippers who cheat other participants ensure that the market cannot operate effectively”. These cheats, aka rippers, fail to provide the goods or services for which they’ve been paid, whether that’s supplying low-quality malicious software, providing fake data dumps, or selling the same information multiple times and thereby reducing its value (especially for bank account information, which may well have limits in place).


Yelp for cybercrime

Ripper is a new website designed to help foster trust between cybercriminals and call out those prone to double-crossing their fellow cohorts. Vice called it “Yelp for Cybercrime”, while SC Magazine labelled Ripper a “Rat-as-a-Service” site.

“Fraud between cyber criminals has always been an issue that limited the profitability of their malicious campaigns,” says Michael Marriott, Research Analyst, at security firm Digital Shadows. “Cyber-criminal markets are lemon markets where buyers can’t differentiate low and high quality goods, therefore providing a breeding ground for rippers.”

“Every transaction within the market then comes with a ‘ripper tax’ attached to it, decreasing profits for both legitimate buyers and sellers. This, in turn, slows the market down and makes further cyberattacks less lucrative.”


Set up in June of last year, Ripper aims to provide cyber criminals with better visibility of who they are trading with and reduce the likelihood of being ripped off. The database currently contains over one thousand profiles, and includes various contact and identification information, as well as details of the specific scams the perpetrators have pulled. Alongside a clean and professional UI, Ripper offers Firefox and Chrome extensions and a Jabber (PsiPlus) plugin.

“Criminal marketplaces have for some time copied the ‘eBay model’ of seller feedback to engender trust within their communities and help cut down on the ripper issue. Services like have the potential to remove the ‘ripper tax’ and enable criminal marketplaces to flourish to the detriment of legitimate businesses and the general public.”


Startup mode

Much like any of today’s trendy startups, Ripper is chasing growth, not revenue, in its early days. “ appears to be in ‘start up mode’,” says Marriott, whose company has been keeping track of Ripper and other underground activity. “There is limited advertising and suggestions of a subscription-base model to come but at the moment it is more concerned with attracting a loyal number of users and adding intelligence to the platform in the form of a detailed list of known rippers.”

Cyber-criminals are even embracing the business world’s growing love of openness. According to Marriott, the people behind Ripper have promised the source code will be open source, and outlined that the business model will be ad-driven, at least for the near future.

“It has been open with its roadmap as, just as with legitimate online businesses, without understanding how Ripper makes money, the customers won’t trust it.”

While Ripper is dedicated to taking the scammers out of cyber-crime, there are lessons that can be learned for legitimate businesses if they look to use it as a useful resource. If, for example, a particular user is selling data pertaining to your organisation, Ripper can be used to assess their credibility and reputation, and thus gauge how legitimate their claims are.


Mirroring legit businesses

In Digital Shadows’ report on Ripper, the company labels it another way that cyber criminals are looking to monetise services and “mirror legitimate business models”.

“Cybercriminals are realising there’s plenty to learn from legitimate business, whether this is through better marketing or product features,” explains Marriott. “This doesn’t just apply to reputation services, either. Recent ransomware variants such as Spora have an incredibly impressive user interface and business model.”

“Many criminal organisations also have sophisticated support functions including Freephone numbers and online chat capability which in some cases would be the envy of legitimate businesses. We’ve even seen the existence of “PR representatives” for marketplaces who seek to engage with frustrated users on other forums.”


Dan Swinhoe

Dan is a journalist at CSO Online. Previously he was Senior Staff Writer at IDG Connect.
