Hackers are criminals. Their crimes may not harm people physically, but they violate many of us intellectually, financially, and socially. A gang of modern-day pirates, they surf the internet trying to unlawfully enrich themselves with what many of us spend a lifetime protecting.
Who are these people? What drives them to a life of crime? How do they live their lives knowing that they got most of what they have by robbing others?
Well, to some of them, a life of cybercrime is simply their job. Every morning these people wake up, spend their morning with their families having breakfast, sending their kids to school, then with a lunch bag in hand they go to a non-descript office building where they work. They say hello to their co-workers and sit at their desks, where they spend their day sniffing around the internet stealing secrets, money, and identities.
They hide behind complex identities developed over months, or years. Their computer systems are not very sophisticated, but they covertly connect to other often-exploited computers, hiding their true origin. They have job titles, specialties, supervisors, insurance and other benefits too. Often, they are a cog in a large wheel of government- or corporate-sponsored hacking. They may not know the ultimate goal for their tasks and treat their activities just as a regular job. After a long day, they go home and enjoy their evening with their families without ever thinking about the harm they caused that day.
Like regular criminals roaming dimly-lit alleyways, hackers are now roaming the deepest corners of the web, forming gangs, where they are largely free to carry out nefarious transactions, on websites inaccessible from conventional search engines.
To demonstrate the ways in which the deep web is changing the nature of cyber-crime, we have two real-life examples: Yevhen Kulibaba and Ivan Klepikov, who were both lynchpins of a large, organised Russian hacker group.
Kulibaba is the thirty-something leader of the group. The syndicate has stolen over $100 million during his rule, but not every stolen dollar has found its way into the hackers' pockets. Bribes, payoffs to other groups, constant busts, and other failures have dwindled the stolen gains to between 15% and 30%.
Still, Kulibaba became very well off, pocketing more than half of the gang's profits. He owned a few houses, arrived at red carpet events in limos, took vacations in the most exotic places, and much more. Although married to a former professional athlete, Eugene also had a few mistresses and chased as many women as he could, claiming they "calm his soul".
Kulibaba was jailed in the UK in 2011 for his part in a £3m cyber fraud, and, after being released from prison, was extradited to the US charged with infecting thousands of business computers with a piece of malware known as Zeus. Yet he remains one of the most prolific cyber-criminals in the deep web, his approach characterised by a cold intelligence, allied to a ruthless streak.
One of Kulibaba's accomplices, 24-year-old Ivan Klepikov, is still on the run from the US authorities. Although the two men work for the same organisation, their stories are very different.
Klepikov has long been struggling to make a living. Although he held down a regular job as a web application developer, his job proved too easy for him, and did not pay well, so he had a lot of spare time and decided to apply his technical skills to hacking.
Klepikov was smart and a very good programmer. His viruses brought unparalleled devastation. There was even a bounty on his head, issued in the wake of one of his most debilitating viruses. Being the technical genius of the gang, he was underappreciated.
After a large successful theft, Kulibaba found himself almost $80,000 richer. At the same time, Klepikov should have received a $200 bonus, but he did not fully get it because he didn't submit his code on time. This, along his regular job, has always created financial problems.
Like Kulibaba, Klepikov is married and his wife is currently expecting, but constant fighting over money has driven him to a dating site. Even there, our research shows he has been plagued by his low confidence and failure. Yet danger, and the possibility of something new, keep Klepikov going with his meagre gains.
As well as cases such as the syndicate driven by Kulibaba and Klepikov, today there are also more "lone hackers" than ever before. Many hackers are loners by nature, so instead of taking orders from a boss they go into business for themselves. A secret manual on being a successful hacker, written by hackers for hackers, says, "...when you are typing, you have no friends... if you trust anyone, you are done".
Trust is a big issue - hackers are hunted and hated by everyone, including their own kind. Most of their culture has changed and instead of running in large gangs or organised business-like structures, hackers have begun to specialise and hone their skills. Working alone or in very small groups, these hackers rarely see crimes from beginning to end.
One such hacker is a Russian man we will call Sasha. Our analysts have found that he is burning the midnight oil, staring with blood-shot eyes at his monitor. He is often drunk on cheap vodka, and he is broke - no smokes, no drugs, and worst of all no money for gambling. No one would advance him a dime and it has been a while since the big payday.
Sasha pines for his prior glory days. Just over a year ago he was paid just to introduce a group of hackers to his acquaintance who operated a large virus-infected network, a "botnet". If he knew back then that this would eventually lead to the breach at Target, he would have begged to join in. He wishes he could pull off something like the Sony hack, but we have seen him quickly give up on several occasions but such a stuny requires skills he simply does not have.
Sasha also needs a new partner – his old partner and friend disappeared a number of months ago, which feeds his paranoia. For now, he is sifting through old stolen data that he weaseled from another hacker. Alas, the stolen credit cards were flagged already and credentials do not work. At the moment, for him, it not worth burning hard-earned trust.
A cyber-jungle with its own rules
Individual hackers often offer their services on Deep Web forums. Everything can be bought and sold here, from escorts to hitmen, kalashnikovs to child pornography. This has created its own unique micro-economy, with its own rules.
A single crime, like spam, may require a dozen small hacker groups to make it possible. It needs everything from creating a product to building a website, renting a spam server, software, and lists, getting the right message, filtering responses and delivering products. The breakdown of the process into micro tasks brings better efficiency but at the same time each group wants to get paid. This greatly dilutes profits, but cybercrimes continue to be profitable because they now go bigger with the scope and magnitude of their wrongdoings.
This "open market" for hacker-services-for-hire brought many changes to the game. One of them is customer service. In order to establish a business relationship, hackers must be polite to their clients, complete their surreptitious tasks in a timely fashion, and in some cases, even offer money-back guarantees. 'Kidala' (the Russian word for 'traitor') is a stamp put on hackers who defaulted on their end of a business deal, which usually causes a hacker to lose trust and reputation.
The modern transformation of this type of cybercriminal usually puts them in a tiny low-rent apartment on outskirts of a city, burning the midnight oil, looking at a monitor and trying to figure out a weakness in our defenses. And if they are successful, the money often goes toward gambling, drugs, alcohol, and women. After that, a crash, depression, and the need to return to the game for more.
Alex Holden is the founder of Hold Security and one of the world's most renowned deep web consultants. Visit www.holdsecurity.com for more info on Alex and his company.