Tax Free Criminal Cyberprofits Fund Food, Avarice and Investments
Bromium’s Web of Profit research reveals the socio-economic and spending differences among cybercriminals
April 10, 2018
Bromium®, Inc., the pioneer and leader in application isolation using virtualization-based security, today announced the findings of an independent, academic study into how much money cybercriminals are earning, and what they spend it on. The findings are part of a larger eleven-month study titled Into the Web of Profit, sponsored by Bromium.
The research reveals how income and spending are almost cliché. While cybercriminals don’t have to pay taxes on their income, their annual earning level might push them into some of the higher brackets.
- High earners make up to $2m/£1.4m – almost as much as a FTSE250 CEO
- Mid-level criminals make up to $900,000/£639,000 – more than double the US presidential salary
- Entry level hackers make $42,000/£30,000 – significantly more than the average UK graduate
“Every time someone pays a ransom, they are participating in The Web of Profit,” says Gregory Webb, CEO of Bromium. “Cybercrime is a lucrative business, with relatively low-risks compared to other forms of crime. Cybercriminals are rarely caught and convicted because they are virtually invisible. As criminals further monetize their business allowing anyone to buy pre-packaged malware or hire hackers on demand, the ability to catch the king-pins becomes even more challenging. The cybersecurity industry, business and law enforcement agencies need to come together to disrupt hackers and cut off their revenue streams. By focusing on new methods of cybersecurity that protect rather than detect, we believe we can make cybercrime a lot harder.”
Data gathered through first-hand interviews with 100 convicted or currently engaged cybercriminals, combined with Dark Web investigations, reveals that:
- 15% of the cybercriminals spend most of their money on immediate needs – such as buying nappies and paying bills
- 20% of cybercriminals focus their spending on bad habits – like buying drugs or paying prostitutes
- 15% of cybercriminals spend to attain status, or to impress romantic interests and other criminals – for example, buying expensive jewellery
- 30% of cybercriminals convert some of their revenues into investments– such as property or financial instruments, and other items that hold value such as art or wine
- 20% of cybercriminals spend at least some of their revenue on reinvestments in further criminal activities – for example, buying IT equipment
Indeed, the report notes a growing market catering to cybercriminals by allowing them to buy things with virtual currency. Sites such as White Company, Bitcoin Real Estate and de Louvois offer luxury products priced in Bitcoin, which is becoming a concern for financial analysts.
“The range of spending habits among cybercriminals was fascinating,” says Dr Mike McGuire, the researcher. “A lot of cybercriminals spend their money on increasing their status, whether that be with peers or romantic interests. One individual in the UK, who made around £1.2m per year, spent huge amounts of money on a trip to Las Vegas, where he claimed to have gambled $40,000 and spent $6,000 hiring sports cars so that they could “arrive in style” to casinos and hotels. Another UK cybercriminal funnelled his proceeds into gold, drugs, expensive watches and spent £2,000 a week on prostitutes. It’s alarming how easily cybercriminals are able to spend their illicit gains – there is an ever-growing market that is almost tailor-made for cybercriminals to make these ostentatious purchases with little to no regulation or oversight.”
Further findings will be released during the RSA Conference in San Francisco. Dr. McGuire will present the full findings during his speaker speaking slot on April 20th from 09:00-09:45 AM on the Security Mashup track – code MASH-F01.
Into the Web of Profit is a nine-month academic study by Dr. Mike McGuire, Senior Lecturer in Criminology at Surrey University. It draws from first hand interviews with convicted cybercriminals, data from international law enforcement agencies, financial institutions, and covert observations conducted across the Dark Web. Get the free report: https://learn.bromium.com/rprt-web-of-profit.html.
About Bromium, Inc.
Bromium protects your brand, data and people using virtualization-based security. We convert an enterprise’s largest liability – endpoints — into its best defense. By combining our patented hardware-enforced containerization to deliver application isolation and control, with a distributed Sensor Network to protect across all major threat vectors and attack types, we stop malware in its tracks. Unlike traditional security technologies, Bromium automatically isolates threats and adapts to new attacks using behavioral analysis and instantly shares threat intelligence to eliminate the impact of malware. Bromium offers defense-grade security and counts a rapidly growing set of Fortune 500 companies and government agencies as customers.
Visit Bromium: https://www.bromium.com
Read the Bromium blog: http://blogs.bromium.com/
Follow Bromium on Twitter: https://twitter.com/bromium
Follow Bromium on LinkedIn: https://www.linkedin.com/company/bromium
About Dr. Mike McGuire
Dr. Michael McGuire joined the Department as Senior Lecturer in Criminology in September 2012. Dr McGuire read Philosophy & Scientific method at the London School of Economics where he acquired a first-class BSc Econ and he completed his Ph.D., at Kings College London. He has subsequently developed an international profile in the study of technology and the justice system and has published widely in these areas. Contact: email@example.com