Join

Enter Details

Comment on stories, receive email newsletters & alerts.

@
This is your permanent identity for Business Insider Australia
Your email must be valid for account activation
Minimum of 8 standard keyboard characters

Subscribe

Email newsletters but will contain a brief summary of our top stories and news alerts.

Forgotten Password

Enter Details


Back to log in

A new report paints an alarming picture about the kind of cybercrime you rarely hear about

Cyberattacks on American targets are an emerging national-security threat and an issue for US foreign policy.

But for all the dangers of state-backed, politically motivated hacking, profit-motivated cybercriminals are a more frequent and perhaps much greater hazard for the majority of people.

North Korea may be able to hobble a major movie studio, and the Chinese government has frequently stolen information on US defence hardware.

But individuals are much softer targets than governments or major corporations. And every individual has access to information — ranging from medical data to bank-account numbers to online passwords to basic biographical information — off which enterprising hackers can profit.

Flashpoint, a private intelligence firm that researches online criminal networks, released Thursday its annual report on “highlights and trends in the deep and dark web.” The report, which was provided to Business Insider, gives a sense of how online criminality evolved in 2015.

The firm, which provides proprietary intelligence on dark-web activity, gathered some jarring data about the ease and apparent banality of contemporary online criminal enterprises. For example, Flashpoint found one online marketplace on which cybercriminals were selling hacking victims’ birth dates for as little as $3, for use in verifying fraudulent Google Wallet accounts.

The Flashpoint report portrays an online criminal community that’s becoming increasingly transnational. And with the help of growing foreign connections, dark web users in a country that’s been at the forefront of politically motivated hacking are starting to make a splash on the criminal scene as well.

Flashpoint’s experts have “observed increasing signs indicating the maturing and internationalization of the Chinese cybercrime underground,” the report said.

Screen Shot 2016 01 28 at 12.02.22 PMBank of AmericaGraphic from a Bank of America report depicting cyber attacks during a single 11-hour period in August of 2015.

As the report explained, Chinese cyber criminals have typically transacted through on “one-on-one engagements negotiated via private messages or instant messenger applications.”

But over the past year, they have shown signs of moving on to web forums and established networks that don’t depend on this degree of personal contact. And, according to Flashpoint, these forums are usually “within the Russian underground.”

Russia is considered to be the global leader in for-profit hacking, with Russian cyber crime representing an estimated $2 billion industry in 2014, according to

“Flashpoint has noted an uptick in Chinese-speaking actors operating on international, yet Russian-run, cybercrime forums such as Lampeduza, Crdclub, and Infraud,” the report said.

Chinese cybercriminals also appear to be learning from the example of Russian-based networks and establishing web forums within China, for specific use by Chinese cybercriminals.

“Taking a page from the Russian model, some Chinese cybercriminals have established native Chinese communities or shops of their own,” the report noted.

Though these networks’ users are typically limited to China, they include two sizable online shops dedicated to trading in stolen personal information and facilitating illicit purchases.

Xi JinpingPhoto by Greg Bowker – Pool/Getty ImagesChinese President Xi Jinping raises his glass for a toast during his talk before lunch at SkyCity Grand Hotel on November 21, 2014 in Auckland, New Zealand.

The fact that Chinese for-profit hackers are becoming more like Russia’s in their behaviour and practices has some alarming implications. China has a population of over 1.3 billion, some 649 million of whom are web users — making for a sizable pool of current and future cybercriminals. As it is, China is already one of the world’s most prolific and dangerous hacking nations.

At the same time, Russian dark web networks are a partial reflection of the country’s existing criminal culture, which exists in a context of widespread official corruption and close ties between organised crime and the state. The environment for enterprising cyber criminals isn’t quite as friendly in China, a more thoroughly oppressive state with strict web controls and a leader in President Xi Jinping, who’s made a far-reaching anti-corruption push one of his top priorities.

Xi also made a point of meeting with Silicon Valley tech-industry leaders during a September 2015 trip to the US, a sign of how highly Beijing values some of its business relationships in the US. Giving a free reign to cybercriminals — as Russia arguably has — would go against a number of Xi’s apparent priorities.

As the Flashpoint report said: “So-called ‘internet purification operations’ conducted by the Chinese authorities … will limit the growth of native sites.”

NOW WATCH: Here’s how North Korea’s leader Kim Jong-Un became one of the world’s scariest dictators

Follow Business Insider Australia on Facebook, Twitter, and LinkedIn