Blackhatonomics: An Inside Look at the Economics of Cybercrime

by Will Gragido, Daniel Molina, John Pirc, Nick Selby


Blackhatonomics explains the basic economic truths of the underworld of hacking, and why people around the world devote tremendous resources to developing and implementing malware. The book provides an economic view of the evolving business of cybercrime, showing the methods and motivations behind organized cybercrime attacks, and the changing tendencies towards cyber-warfare. Written by an exceptional author team of Will Gragido, Daniel J Molina, John Pirc and Nick Selby, Blackhatonomics takes practical academic principles and backs them up with use cases and extensive interviews, placing you right into the mindset of the cyber criminal.

  • Historical perspectives on the development of malware as it evolved into a viable economic endeavour
  • Country-specific cybercrime analysis of the United States, China, and Russia, as well as an analysis of the impact of globalization on cybercrime
  • Presents the behind-the-scenes methods used to successfully execute financially motivated attacks in a globalized cybercrime economy
  • Provides unique insights, analysis, and useful tools for justifying corporate information security budgets
  • Provides multiple points of view, from pure research to corporate, academic, and law enforcement perspectives
  • Includes real-world cybercrime case studies and profiles of high-profile cybercriminals

Editorial Reviews

From the Publisher

"I was asked to serve as technical editor for this book though, I admit, the work required little editing… Written by an exceptional author team, they take practical academic principles and back them up with use cases and extensive interviews, placing you right into the mindset of the cyber criminal."--Andrew Hay blog, December 19, 2012

"A crack team of computer security consultants with backgrounds in the military, police, marketing, and academia present an encyclopedic resource on cybercrime for anyone responsible for computer security."--Reference and Research Book News, August 2013

Product Details

Publisher: Elsevier Science
Publication date:
Sold by: Barnes & Noble
File size: 3 MB

Read an Excerpt

Blackhatonomics: An Inside Look at the Economics of Cybercrime
By Will Gragido, Daniel Molina, John Pirc, Nick Selby, and Andrew Hay (technical editor)

Copyright © 2013 Elsevier, Inc.
All rights reserved.

ISBN: 978-1-59749-976-7
Chapter One

Psychological and Cultural Trends

Contents of this chapter:

* Introduction
* Psychology of Attackers
  * Some Background on Cybercrime Legislation
  * Enter the Hackers
* Psychology of Victims
  * It's Not the Crimes That Are New, It's Their Execution
* Attackers' Familiarity with Human Psychology
  * We All Want to Help
  * The Recruitment Spreadsheet Gambit: RSA Security
  * The Idiot in the Window Affair: HBGary Federal
* Motivations and Event-Driven Trends
  * Politically Motivated Attacks
  * Motivated Attacks
  * Financially Motivated Attacks
* References

When the average nontechnical person reads the newspaper and sees stories about Chinese hackers launching cyber espionage attacks against U.S. chemical companies, the whole thing sounds, frankly, a little Mission: Impossible. We can almost hear the air-quoted wink as Fortune 500 executives discuss the subject, extending their arms and rapidly curling their index and middle fingers as they say the words "spies" or "espionage."

The second decade of the 21st century has seen rapid and highly disruptive technical innovation. However, the reason for the prevalence and success of cybercrime is not technical, but rather psychological and cultural: Generally speaking, we have not adapted quickly enough to see (let alone believe) the vulnerabilities that have been created by our intense reliance on the Internet and our constant connectivity to it.

Criminals, though, as they have historically, have quickly adapted to the new and improved Web speed of crime.

At the same time, we have observed that the gulf between the mindset of the attackers and the mindset of the victims symbiotically creates a perfect storm, which is peculiar to this specific moment in history. Never before have the speed of technological advancement, relative slowness in crafting and adopting new legislation, and psychology of criminals and victims combined to create an atmosphere that so encourages and rewards an illegal activity.

In this chapter, we'll examine these vulnerabilities, and the cultural and psychological barriers that prevent us as a society from taking more serious action. This is probably the least technical chapter in this book, but it sets the stage for the cyber attackers we describe later to enter our lives and our companies, and to so successfully relieve us of the intellectual property which, until recently, created the barrier to competing with Western, specifically American, high-technology firms.

Psychology of Attackers

We can think of few criminal enterprises in which the risks are so low and the potential rewards so high as cybercrime. In this book, when we speak of hackers we are speaking of professional criminal hackers, or those hired by them and acting on their behalf.

Some Background on Cybercrime Legislation

It's a great time to be a cybercriminal: Not only have the laws of most countries not yet caught up with the technology (let alone the crime), but the politics of creating cybercrime laws are mired in a power struggle between agencies in single countries, and are stuck in an absolute gridlock when more than one country is involved. For the past several years, the FBI has struggled in turf wars with other federal, state, and local agencies to reign dominant in the investigation and prosecution of cybercrimes, while other, arguably more capable and proactively talented agencies, such as the United States Secret Service and U.S. Marshals Service (and some agencies which might be simply more contextually appropriate, such as the U.S. Postal Service), are left to fight for table scraps at the budgetary banquet. Simply put, no lawmaker understands this stuff enough to argue very effectively for or against anything yet.

Lastly, it still just isn't very sexy to sponsor cybercrime legislation. Constituents do not yet have the situational awareness necessary to rally behind it, let alone demand it, or they are too caught up in fixing physical infrastructure problems to care much about this "exotic" and seemingly remote problem: To them, cybercrime is the stuff of movies, or something that happens to someone else.

Even a cursory glance through proposals over the past couple of years to strengthen cybercrime law reveals a range of ineffectual options: from the overly broad and relatively meaningless National Security Council Strategy to Combat Transnational Organized Crime to congressional folks of one flavor or another baying for "tougher" "cybercrime" "legislation." For the most part, these proposals fall into the knee-jerk category of "Oh, crud, some of my constituents got cyber-robbed and I had better get something done, dammit." This means we get some real whirligig doozies of cyber stinkers, usually centered on the completely false premise that lengthening sentences for computer intrusions is worth doing. It is not. There are laws against hacking, and they come with stiff prison sentences. The problem is not the deterrent nature of the prison sentence, but simplifying the process of establishing the facts of a cybercrime case, articulating the crime and the accompanying mental state of the perpetrator to a jury, and getting the jury and the judge to understand that (a) a crime took place and (b) that guy in the defense dock did it, provided anyone could identify the defendant and the jurisdictional fruit salad cooperated enough for him to be sitting in court at all.

No, the problem is not that the sentences are insufficiently severe. The problem is that no cops other than a small number of feds are empowered, prepared, and trained to investigate cybercrime. These numbers are so small that simple resource-based triage means less than 0.01 percent of cybercrimes are even investigated, let alone prosecuted.

Cybercrime legislation, therefore, is not being driven by demands by judges and juries and prosecutors and cops and city officials and stakeholders for better clarity into the issues and better tools with which to do the job. It is being driven by chest-pounding lawmakers seeking to "do something" about the problem.

Enter the Hackers

Against this backdrop, and keenly aware of their unique moment in history, are gangs of professional cybercriminals, most commonly referred to as "hackers," and state-sponsored entities whose sole mission is to disrupt the commercial infrastructures of enemy countries. Previous books on hackers and hacking tended to get weighed down by the personality traits of hackers—depicting mainly male, acne-faced teens and young adults dressed in black and perpetrating their crimes in black-lit rooms of various types. This has long ceased to be the case; in fact, it is a cliché to say that the days of sport hacking and attraction to hacking's seductive subculture have ended, replaced by an industry that exploits computer application vulnerabilities to allow establishment of presence on a network for the purpose of stealing intellectual property.

So, in this book, we're going to talk about the hackers who typically face large corporations. They are well financed, are organized, and have either analyzed the salability of the information they pilfer or are controlled by a government-sponsored group or organization. In fact, as we will discuss later, from the victims' standpoint it really doesn't matter whether the attackers are government, private sector, independent, or affiliated: They are among the group of people who understand, as David Etue so succinctly put it, that $10 million spent on hacking that steals $1 billion of R&D is a good deal.

Hacking has become the shortest distance between the intellectual property assets you have and those you want, and whether your hacker seeks glory, political advantage, philosophical or religious statements, or cold, hard cash, the psychology of today's professional hacker is merely that of the pragmatist.

They will never send in the A-team if the B-team or C-team can do the job less expensively and as effectively. They will never mount a single campaign when two or three or more can be launched simultaneously. They will never use a previously unseen attack if an oldie-but-goodie gets the job done. In fact, they will always seek the simplest undetectable attack, and then move to quickly understand and then totally dominate the target environment, until they have extracted their quarry and can leave the network. They prefer to do this undetected, but aside from some tactics, being detected by the victim is not a game-changer.

By dominating the Dynamic OODA loop of their victims, the attackers can play endless rounds of whack-a-mole at a very low cost, all the while understanding the cost to their victims in treasure, patience, stress, and professional relationships. Attackers take advantage of the fact that they often understand the playing field—that is, the network that is under attack—better than its owner. In fact, most contemporary and sophisticated attacks rely on the stability of the network to turn single attacks into data-theft endeavors that are long lasting and profitable for the attackers.

Since total dominance followed by exfiltration of the desired data is the goal, prior methodologies of understanding hacker motivations should be superseded with the concept that, if you're determined (for political, philosophical, theological, or financial reasons) to turn to crime, there's plenty of encouragement to make yours a cybercrime.

A former Microsoft employee and former FBI agent once stated it best: "If you commit a cybercrime, there's almost no chance you're going to be caught. If you are caught, there's almost no chance you're going to be prosecuted. If you are prosecuted, there's almost no chance you're going to be convicted. If you are convicted, there's almost no chance you'll serve the full sentence."

Police-Led Intelligence's Dave Henderson, a 15-year veteran police officer, cyber investigator and fugitive hunter, has said it even more succinctly: "If you're a reasonably intelligent criminal, you do the math. You can knock over a 7-Eleven or a bank [and] net three grand and a really good shot at an aggravated felony charge, or you can commit a cybercrime, net 100 times that, and if you're caught, stand a real good chance of doing no time whatsoever—because the cops aren't going to understand what happened and the feds are going to triage your crime out of their workflow." Throw a single international hop into your attack, and the odds of capture drop sharply toward zero.

If all that is true—and as investigators, incident response consultants, and police officers, we aver that it is—there's almost no reason for any self-respecting, reasonably intelligent criminal not to resort to cybercrime.

In addition, and this is the most important point to understand in this section on the psychology of the attacker, there's no reason for your attacker to go anything less than full bore. Armed with the knowledge that they are effectively immune from prosecution, professional cybercriminals are bold, audacious, relentless, remorseless, and utterly devoid of sympathy for their victims.

Psychology of Victims

On the other side of the chessboard sit the victims, who are as keenly unaware of their moment in history as the attackers are aware of it. Because so many of the most disruptive advances in technologies available to users have occurred on the server side, or back end, of the user experience, it is very difficult for users to detect the full implications of these revolutionary technological changes.

Consider, for example, that to the typical user of technology in a large enterprise, the entirety of the user experience is done through a Web browser, Microsoft Office, Outlook e-mail, and the occasional internal application. To this user, the fact that the browser is the gateway to a world of synchronous backup and server-side magic is totally invisible—and this is exactly the way it is supposed to be! And because most of the interactive work completed by this typical enterprise user consists of invisibly accessing massive stores of data, the user is almost entirely unaware of the power that his or her little terminal might afford an attacker.


Excerpted from Blackhatonomics by Will Gragido, Daniel Molina, John Pirc, Nick Selby, and Andrew Hay. Copyright © 2013 by Elsevier, Inc. Excerpted by permission of Elsevier. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.

Meet the Author

Will Gragido possesses over 18 years of information security experience. A former United States Marine, Mr. Gragido began his career in the data communications, information security, and intelligence communities. After the USMC, Mr. Gragido worked in several information security consultancy roles, performing and leading red teaming, penetration testing, incident response, security assessments, ethical hacking, malware analysis, and risk management program development. Mr. Gragido has worked with a variety of industry-leading research organizations, including International Network Services, Internet Security Systems / IBM Internet Security Systems X-Force, Damballa, Cassandra Security, HP DVLabs, and now RSA NetWitness, where he leads the RSA FirstWatch Advanced Threat Intelligence team.

Will has deep expertise and knowledge in operations, analysis, management, professional services and consultancy, and pre-sales/architecture, and a strong desire to see the industry mature and enterprises and individuals become more secure. Will is a long-standing member of ISC2, ISACA, and ISSA. Mr. Gragido holds the CISSP and CISA certifications, as well as accreditations in the National Security Agency's Information Security Assessment Methodology (IAM) and Information Security Evaluation Methodology (IEM). Additionally, Mr. Gragido is a Faculty Member of the IANS Institute, where he specializes in advanced threat, botnet, and malware analysis. Mr. Gragido is a graduate of DePaul University and is currently preparing for graduate school. An internationally sought-after speaker, Will is the co-author of Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats.

Daniel J. Molina (CISSP) is Director of Business Development for ELAM (Emerging Latin American Markets) at Kaspersky Lab. In this position, he serves as a managing director for the region, inclusive of sales, marketing, channel development, engineering, and support.
Mr. Molina is considered a thought leader in the area of information security, and has been called to speak on issues such as the state of the security industry, "Security Best Practices", "The Business Aspects to Information Security", "Operational Efficiency in IT Security", "The Myth of ROI in Security", and "Capabilities Maturity Models in Security" at various industry forums worldwide. His view on security maturity has made him a sought-after resource to help explain and justify, in business terms, what users, businesses, and government entities require.
Daniel was previously Channel Sales Director for Latin America and the Caribbean at Kaspersky Lab, and first joined as part of the Field Marketing team for part of the United States.
In his previous role as Director of Advanced Solutions and Security Evangelist for McAfee, Mr. Molina provided a voice to the McAfee Risk Management Process and assisted in complex and strategic opportunities for McAfee customers. He has also created curricula and provided training to multiple partners on Security Intelligence, Anomaly Detection, and Behavioral Forecasting models for security.
Daniel has extensive experience in enterprise security architecture design, internetworking, LAN/WAN implementation, and project and team management. In addition to his role at McAfee, Daniel spent several years as a Principal Systems Architect for Q1 Labs, Solution Architect for Internet Security Systems, and Enterprise Consultant with Entex Information Services, overseeing infrastructure and Y2K project implementations for companies such as GTE, Nextel, and The Coca-Cola Company.
Daniel's background includes several years as a systems specialist and administrator in enterprise and carrier environments. Along with numerous industry- and technology-specific certifications, Daniel holds the following designations: CISSP, CBS, CCSA, CCSE, MCSE+I, and others.
Daniel studied Political Science and Psychology at the University of Southern California and Economics at the University of Texas, Arlington.

John Pirc has more than 15 years of experience in security R&D, worldwide security product management, marketing, testing, forensics, consulting, and critical infrastructure architecting and deployment. Additionally, John is an advisor to HP's CISO on cyber security and has lectured at the U.S. Naval Postgraduate School.

John's extensive expertise in the security field stems from past work with the Central Intelligence Agency in cyber security, as Chief Technology Officer at CSG LTD, Product Manager at Cisco, Product Line Executive for all security products at IBM Internet Security Systems, and Director of McAfee's Network Defense Business Unit; he is currently Director of Product Management at HP Enterprise Security Products, leading the strategy for the organization's next-generation security platforms.

In addition to a BBA from the University of Texas, John also holds the NSA-IAM and CEH certifications. He has been named a security thought leader by the SANS Institute, speaks at top-tier security conferences worldwide, and was most recently published in Forbes on social media security.

Nick Selby has been an information security analyst and consultant for more than a decade, and has worked in physical security and intelligence consulting in various roles since 1993. In 2005 he established the information security practice at industry analyst firm The 451 Group, where he conducted in-depth technical briefings and consulted with more than 1000 technology vendors. Nick has consulted hundreds of venture-backed startups on understanding their competitive landscape, on product development and feature enhancements, and on user interface and security. He has consulted U.S. and European governments, more than 80 investment banks, and more than 20 venture capital firms: on the investment side, to better understand the technology and landscape of the companies in which they invested, and on the operations side, on securing their intellectual property and processes. In 2007 he was appointed VP of Research Operations at 451, where he managed more than 35 technology analysts, developing analysis products and technologies to leverage their insights. Since 2006 Selby has served on the faculty of IANS Research. His work consulting F500 companies on data theft and industrial espionage has placed him at the leading edge of firms helping those under attack by adaptive, persistent adversaries, and he is experienced at managing attacks and architecting recovery networks.
Since 2008 he has focused on law enforcement intelligence, and he works part-time as a sworn police officer in the Dallas-Fort Worth Metroplex, investigating cyber crime. He teaches continuing legal education on cyber crime for prosecutors in one of the country's largest jurisdictions, and writes the TechTalk column for Law Officer Magazine. He is the CEO of StreetCred Software, which produces software that helps law enforcement serve fugitive arrest warrants through predictive intelligence.
