So How Much Can a Cyber Criminal Earn?

Imagine you’re trapped, through no fault of your own, you may be stuck in some small backwater of Eastern Europe, surrounded by poverty and unemployment – with limited options to escape and make a better life for yourself.  You’re bored, you have no focus, no chance for self-improvement, but you have the internet.

The influence of the net simply cannot be measured, for instance many thousands of years ago, one of the world’s greatest philosophers was condemned to death. Why?  Well Athenians were worried about what effect a 70+ year old thinker called Socrates would have on their population by wandering around and chatting in the city – can you imagine what a threat he’d be with a web site or blog nowadays.

But yet again I digress, the point I was trying to make is that the possibilities that have opened up are incredible in all areas, for good and not so good.  The world has got so very much smaller online, but for crime that is a fantastic boost.   The internet offers the chance to control, to sell both ideas and products and unfortunately to steal from people 1000s of mile from you without ever having to meet them.   The only barrier apart from morality to committing cyber crime is of course a decent education.

Of course, many disaffected youngsters had excellent educations in Eastern Europe and China for instance, far better than some of the people they see living the ‘good life’ in the big cities of Europe and America.   Crime has always been a chance for people to break out, to make better lives for themselves at the cost of others.   But nowadays Cyber Crime offers even bigger incentives with the added bonuses of being relatively safe and depersonalized compared to ordinary crimes (your victims are usually little more than email or IP addresses).

When you’ve seen these people in action, spoken to victims and the people trying to trace them you’ll understand why anonymous surfing is so very important to me!

There are of course almost unlimited opportunities for criminal acts on the internet – so here’s a real simple method used by many, obviously details are omitted – but to be honest they’re not hard to fill in.

Step One – Get Your Own Free Anonymous Proxy

A little effort and research will allow you to use the various script kiddy tools that will soon gain you access to other people’s information.  Break into a server somewhere running an old unpatched version of Microsoft IIS or Apache and then open up that proxy to the world, publish it on the many free proxy list sites scattered across the internet.   Pretty soon you’ll have all manner of people sending all their web traffic through your little proxy.

Step Two – Steal Their Data

Install a simple logging program on the server and watch as all the traffic flies passed in clear text, 99% will be HTTP traffic, unsecured, plain text details which can be easily read.   There are even programs around to help you parse this data easily, sifting out the email address, personal information, accounts and passwords. Log all the visits to sites like online banks, paypal, webmail, Moneybookers, eBay etc – anything where there is the potential to steal or use your identity fraudulently.

 

Step 3 – Monetize this Information

You’ll have so much data after a few days logging you won’t know where to start.  The possibilities are endless – after sorting the information, you’ll likely have some more obvious targets, information on who uses which online services, passwords or clues to passwords, email accounts where you watch and learn more.  It is at this stage that the smart cybercriminal shines, selecting the safest and quickest way to make money off his victims before disappearing into the night and erasing all his tracks from his stolen proxies.

Is it just Theory or does it happen?

I spoke to a guy who got scammed like this a couple of weeks ago, he actually made a living online, he had loads of websites that where very valuable to him.   Identity Thieves got his email address and account password, instantly gaining access to a huge part of his online life.   Their attack was to steal his web sites, a quick request to his hosting provider, changing the domains to point to a different owner and IP address.   Modify the registration details and then to sell on the hugely profitable web sites on for a bargain price to someone else in cyberspace.  He may get them back who knows, he’s in for some major headaches and legal problems to do it though, and he lost much more than if they’d just hacked into his PayPal account and stole a few hundred dollars.

Do you know why he use a hacked proxy server which was how he became a victim? Simply because he wanted to post multiple Craigslist adverts from different IP addresses! Very bad move – don’t use free proxies you know nothing about. You can risk them for low risk sites like streaming or watching the BBC World News from abroad but it’s rarely worth it.

But of course, as per usual, I haven’t answered the question – how much can a cyber-criminal earn?  I’m afraid a heck of a lot more than you or me!

Legitimate Money-Making Options

Remember though, you don’t have to be criminal to make money online.  There’s plenty of options to make money legitimately wherever you happen to be.   Some people think that these options are denied to them because of their physical location, yet it’s simply not true.  Sure, you can find that there are some added complications if you’re trying to run an online business from India, Nigeria or somewhere in Africa.  It can be difficult to get access to finance, online banking and payment processors but it can be done.

What’s more there are a growing number of options for hiding your location anyway.  If you want to run a social media empire combined with lots of money-making opportunities, then you can wherever you live.  Indeed, most successful people in the developed world have to hide their location as well. Most have multiple digital identities through proxies and VPNs in order to scale any opportunities easily.   It doesn’t matter if you’re in New York or Lagos, it can make sense to change your Instagram IP address if you’re running multiple accounts on the platform.

 

Facebooktwitterlinkedininstagramflickrfoursquaremail

Leave a comment