Cyber, short for cybercrime or hacking, has become the latest ‘as a service’ offering in the world of hackers and these days it is not unusual for someone sitting in Gurugram or Guwahati to set up a phishing scam for a customer in Europe or to digitally spy on someone in the UK.
Hacking, or crime as a service, is not a new phenomenon.
However, in the last few years, there has been a spurt of individuals offering these services to anyone who is willing to pay for them, unrestricted by geographical boundaries.
In the last few years, there has been heightened awareness around cybersecurity risks such as ransomware and phishing scams.
While this may have prompted most enterprises and individuals to improve their cybersecurity practices, it has also given rise to a whole new industry.
Discover the stories of your interest
“It is possible that there has been an increase in these cases because there’s more awareness around cybercrime, and the ease with which you can find someone to carry it out,” said NS Nappinai, a Supreme Court lawyer and founder of a cyber safety initiative, Cyber Saathi.
A quick internet search will lead you to someone who is willing to set up a phishing operation to scam an individual or an entire enterprise.
While most large groups operate out of Russia and neighbouring countries, security researchers said they often have affiliates around the world.
“As emerging technologies like 5G, metaverse and cryptocurrency gain more prominence in the mainstream, attackers now have new launchpads to explore more advanced attacks. This has led to a significant widening in the cyber threat landscape where “attackers-for-hire” have been a notable feature,” said Vicky Ray, principal researcher-Unit 42, Palo Alto Networks.
Working for cross-border clients is a far more attractive option as they can charge a higher fee and get paid in foreign currency.
India, with its vast pool of tech talent, has its fair share of hackers on hire.
The ‘for-hire’ model means that the technical bar for anyone wanting to perpetrate a crime is much lower.
“Through offerings like start-up kits and support services, RaaS (Ransomware as a Service) entrepreneurs set the terms for providing actual ransomware to affiliates, often in exchange for monthly fees or a percentage of ransoms paid. This lowers the barrier to entry and expands the reach of ransomware,” Ray said.
The chief of a cyber cell unit told ET that this was a lucrative option for someone looking to make a quick buck given the low risk-high reward model.
The payoffs in this case typically range from a few hundred to a few thousand dollars, and the risk of getting caught is near zero.
The ‘traditional’ alternative would be chain snatching, where the chances of being caught are high.
If caught, the person can be tried under the IT Act, but tracking down someone and then proving the crime is not easy. If it is a cross-border crime, then the challenges only multiply.
“While you can track them down, it is certainly a difficult process,” said Nappinai.
Once the perpetrator is caught, proving that he or she committed the crime isn’t a straightforward process given the nature of digital evidence. As a result, conviction rates are abysmally low, taking away the fear of repercussions, the chief of the cyber cell added.
For all the latest Technology News Click Here
