THE CHANGING FACE OF HACKING

As hacking and automation continue to converge, more vendors are stepping up to reap the financial gains. This strong shift toward monetization reflects three opportunities:

* Applying one’s own talent to build and market CAaaS tools.

* Offering hacking services on a freelance basis.

* Participating in activities that yield substantial financial payoffs.

Attack service vendors are seeking to replicate their successes by offering services via marketplaces. These marketplaces, which sell everything from DDoS-as-a-Service (DDoSaaS) to Ransomware-as-a-Service, have hit some potholes recently. Raids and takedowns have become common on the Darknet as federal agents around the world step up enforcement. Even as they are targeted by law enforcement, market operators and vendors face another set of threats from competitors, rogue users, vigilantes and extortionists. These players are looking to profit by exposing administrators’ personal details as well as vulnerabilities in their respective marketplaces.

For the onion network, 2017 has been an eventful year. In February a vigilante hacker took down more than 10,000 hidden services, representing about one-fifth of the network. The services were running on Freedom Hosting 2, one of the largest Darknet hosting providers. When a hacker discovered it was hosting child pornography, the hacker took the provider offline and leaked the databases and private keys in a public dump.

On July 20, 2017, Hansa was shut down following the July 4th takedown of AlphaBay. During a press interview on July 20, it became known that Hansa was originally taken over on June 20, but law enforcement officials did not immediately take the market offline. They instead operated Hansa for several weeks—quietly collecting user names, passwords and activities of users and vendors alike.

Ultimately, a takedown creates a vacuum that others will rush to fill. A new-and-improved marketplace will emerge—only to be taken down and replaced by yet another new marketplace. With so much money on the line, vendors use trial and error to continually rebuild bigger and better. They research new attack methods and continue incorporating more efficient and powerful vectors, including automation of attack services. They will continue to be targeted by law enforcement and researchers along with criminal hackers seeking their own paydays.

Consumers. Arguably the fastest-growing segment within the community, these are the non-skilled users who pay to play. They can now easily obtain Cyber-Attack-as-a-Service (CAaaS) tools in marketplaces on the Clearnet and Darknet.

Purists. These are the skilled hackers who have the expertise to conduct their own operations without paid services or other outside help.

Vendors. These are the skilled hackers who want to turn their capabilities into products and services to meet growing demand from hacking consumers.

Hacktivism historically has been a major motivation for hackers, with most operations carried out through collectives. In 2017, a growing number of hackers seem unfulfilled by joining an Anonymous operation and are choosing to work alone. Radware has observed a decline in organized operations by Anonymous and similar collectives. While there is still outrage in cyberspace, it is not necessarily coordinated (though this is admittedly difficult to track given how many individuals and small teams coopt the “Anonymous” brand when launching an attack).

We see several contributors to this shift from coordinated hacktivism to lone-wolf hacking:

Maturity.

Many who participated in hacktivism or vandalism in the virtual space a few years ago have since grown in skill and personality. Material needs have grown, prompting them to seek not only justice but also profit.

Cryptocurrencies.

The perceived value of Bitcoin and other cryptocurrencies has skyrocketed. Cryptocurrencies are also the only way to monetize skills and services over the Darknet—today and in the future. Hackers do not want to miss the “party.”

Market dynamics.

Hacking isn’t immune to the laws of supply and demand. Online marketplaces provide a vehicle to deliver hacking services regardless of what’s motivating the person buying and executing an attack.

In the past, launching a massive DDoS campaign required gathering a group of people, while leaking sensitive information required a surgical attack and much trial and error. Today even those without extensive hacking skills can easily find a mercenary or a service to do the dirty work. Damage can be done without the need to work through a collective, and even the most complicated operation is within reach. All you need is inspiration—and money. Even as hacktivist collectives diminish in importance, we see another type of group ascending: hacking “businesses.” A growing number of these operations have enough scope and scale to require a supporting team. Instead of rallying around a shared cause, these groups are focused on profit. The CAaaS market is highly competitive. Vendors offering hosting, anonymization and advanced attack tools need to do more than build those tools. They must also market them, support them and maintain an infrastructure for collecting and managing revenue.

There is an emerging trend of creating infrastructure to power cyber-attack tools. Beyond hosting attack tools, such infrastructure serves up a “buffet” of malware installations that can be leveraged for different purposes— from stealing data and spreading spam to launching ransom attacks and mining cryptocurrency. Hackers can rent this infrastructure and run any attack tool they desire on the infected machines.