TAX FREE CRIMINAL CYBERPROFITS FUND FOOD, AVARICE AND INVESTMENTS
Bromium’s Web of Profit research reveals the socio-economic and spending differences among cybercriminals
Bromium®, Inc., the pioneer and leader in application isolation using virtualization-based security, today announced the findings of an independent, academic study into how much money cybercriminals are earning, and what they spend it on. The findings are part of a larger eleven-month study titled Into the Web of Profit, sponsored by Bromium.
The research reveals how income and spending are almost cliché. While cybercriminals don’t have to pay taxes on their income, their annual earning level might push them into some of the higher brackets.
- High earners make up to $2m/£1.4m – almost as much as a FTSE250 CEO
- Mid-level criminals make up to $900,000/£639,000 – more than double the US presidential salary
- Entry level hackers make $42,000/£30,000 – significantly more than the average UK graduate
“Every time someone pays a ransom, they are participating in The Web of Profit,” says Gregory Webb, CEO of Bromium. “Cybercrime is a lucrative business, with relatively low-risks compared to other forms of crime. Cybercriminals are rarely caught and convicted because they are virtually invisible. As criminals further monetize their business allowing anyone to buy pre-packaged malware or hire hackers on demand, the ability to catch the king-pins becomes even more challenging. The cybersecurity industry, business and law enforcement agencies need to come together to disrupt hackers and cut off their revenue streams. By focusing on new methods of cybersecurity that protect rather than detect, we believe we can make cybercrime a lot harder.”
Data gathered through first-hand interviews with 100 convicted or currently engaged cybercriminals, combined with Dark Web investigations, reveals that:
- 15% of the cybercriminals spend most of their money on immediate needs – such as buying nappies and paying bills
- 20% of cybercriminals focus their spending on bad habits – like buying drugs orpaying prostitutes
- 15% of cybercriminals spend to attain status, or to impress romantic interests and other criminals – for example, buying expensive jewellery
- 30% of cybercriminals convert some of their revenues into investments– such as property or financial instruments, and other items that hold value such as artor wine
- 20% of cybercriminals spend at least some of their revenue on reinvestments in further criminal activities – for example, buying IT equipment
Indeed, the report notes a growing market catering to cybercriminals by allowing them to buy things with virtual currency. Sites such as White Company, Bitcoin Real Estateand de Louvois offer luxury products priced in Bitcoin, which is becoming a concern for financial analysts.
“The range of spending habits among cybercriminals was fascinating,” says Dr Mike McGuire, the researcher. “A lot of cybercriminals spend their money on increasing their status, whether that be with peers or romantic interests. One individual in the UK, who made around £1.2m per year, spent huge amounts of money on a trip to Las Vegas, where he claimed to have gambled $40,000 and spent $6,000 hiring sports cars so that they could “arrive in style” to casinos and hotels. Another UK cybercriminal funnelled his proceeds into gold, drugs, expensive watches and spent £2,000 a week on prostitutes. It’s alarming how easily cybercriminals are able to spend their illicit gains – there is an ever-growing market that is almost tailor-made for cybercriminals to make these ostentatious purchases with little to no regulation or oversight.”
Further findings will be released during the RSA Conference in San Francisco. Dr. McGuire will present the full findings during his speaker speaking slot on April 20th from 09:00-09:45 AM on the Security Mashup track – code MASH-F01.
Into the Web of Profit is a nine-month academic study by Dr. Mike McGuire, Senior Lecturer in Criminology at Surrey University. It draws from first hand interviews with convicted cybercriminals, data from international law enforcement agencies, financial institutions, and covert observations conducted across the Dark Web. Get the free report: https://learn.bromium.com/rprt-web-of-profit.html.