Cyber Crime and Cyber Terrorism

238
CHAPTER 17
Responding to cyber crime and cyber terrorism
Pay-per-Use (PPU) to thousands of already compromised machines or provide ad-
ditional malwares to these computers already infected.
Spam bots can provide secondary information, for example, via stealing 
malware, fake antivirus software and Ransomware, to increase the flexibility of 
the infected machines and to maximize the potential revenue of each infected 
computer.
To give an idea of the economic impact of the botnets, the “F-Secure 2012 Threat 
Report” revealed that the ZeroAccess threat reportedly clicks 140 million ads a day. 
It has been estimated that the botnet is costing up to USD 900,000 of daily revenue 
loss to legitimate online advertisers. Moreover, as we will see later, in one of the two 
use cases, Eugrograbber earned 36
+
million euros.
The third level is obviously composed by Victims (owner of the infected ma-
chines) that, depending on the type of attack, may be a generic Internet user (if the 
number of the victims is the most important variable, e.g., in DDoS campaign) or 
belonging to a particular category of people (if the quality of the information to be 
subtracted is the most important variable).
Moreover, the users layer, is not necessarily monolithic, but can be further di-
vided into intermediate levels (e.g., organizations most experienced in malware de-
velopment could be not equally in its distribution) and consists of various criminal 
figures in a kind of partnership program where the higher level guarantees a mini-
mum number of “customers” to the lower one (see ZeroAccess Pay-per-Install—
PPI—business model).
The previous pyramid, as well as criminal business model, is considered as a 
measure of the real threat (the more the victim layer is wide the most of the threat is 
disruptive).
The mentioned botnet monetization models (PPI and PPU) affect both the direc-
tion and the magnitude of the “criminal value flows.” Moreover, in the specific case 
of the PPU model, the entity of a flow is proportional to the dangerousness of the 
threat.
In fact, while for a click-fraud-oriented botnet, money flows and their size are al-
most certain, for a general-purpose botnet, a criminal (User), who wants to attack for 
example a bank, might be willing to invest a larger amount of money to buy or rent 
a botnet (by Designers) sufficiently wide and sufficiently skilled for bank account 
exfiltration or DDOS campaigns.
So the botnet economic flows, in the two monetization models, can be repre-
sented as in 
Figure 17.4
(the thickness of the arrows is indicative of the amount of 
money).
A possible value chain for “Designers,” believed to be to most “e-structured,” can 
be represented by using models such as Porter’s model chart which is very similar to 
what can be generated for a generic software-house with a prevalence of the trustee 
element (for customers and suppliers) linked to the fact that the added-value will be 
directly or indirectly related to criminal activities.
Based on Porters model we can identify two sets of activities:

Download 5,67 Mb.

Do'stlaringiz bilan baham: