Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

You're a cybercrime kingpin. You need a new evil lackey. How much do you tell them?

Henchperson wanted: Must have Java, C++, signature villain cackle

RSA 2016 Cybercrooks, much like ethical security defenders, are facing a skills crisis and difficulties in recruiting qualified staff. Their attempts to bring workers into criminal organisations leave it possible for experts to learn more about their strategies and tactics, according to new research from threat intelligence firm Digital Shadows.

Kingpins behind cyber-fraud need an ecosystem of malware writers, exploit developers, botnet operators and mules in order to build their business in order to turn a dishonest living. However, finding individuals who can be trusted is difficult and requires a rigorous application procedure.

Running against their desire for anonymity, many cyber criminal organisations have being obliged to adopt traditional, real-world recruitment techniques. These tactics include posting standalone job ads on general purpose forums or by using specific job boards to seek out talent.

Once candidates apply, they are put through an application and vetting process. Hackers face the challenge of weeding out “script kiddies”, who possess few legitimate technical skills and can waste limited resources, as well as the need to guard against potential infiltration by law enforcement agencies or security researchers.

All this is not too dissimilar to corporate cybersecurity hiring challenges. Due diligence is required to ensure that the proper candidates come through the process. S’kiddies, who possess no legitimate technical skill, must be put through a rigorous process to ensure they are up to the task. There are many instances of recruiters asking for application forms – some even offer an application template, according to Digital Shadows. Just like in corporate cyber security hiring, bringing the wrong candidate on board wastes limited resources.

Honour among thieves

Reputations are even more important to cyber-criminals than they might be to legitimate businesses, who would be prepared to train up less-skilled individuals. On the dark side, by contrast, there’s a desire to hire people who will be “productive” from the get-go and a desire to weed out chancers and clueless script kiddies.

Mad skillz

In practice, cybercrime gangs frequently use Skype to conduct interviews. However groups often require that the users’ voices are masked, video is turned off and traffic is ported through a service like Tor. The precautions are needed in order to provide a degree of anonymity.

Some crime groups - which as in the past mostly hail from eastern Europe and Russia - require that new recruits serve a probationary period, similar to common practice for techies starting work with legitimate corporations.

These varied hiring practices can be a source of useful intelligence to the the “good guys”. The information contained in cybercrime job ads can provide organisations with real value into attackers’ motivations and tactics.

Digital Shadows researchers involved initially harvesting intelligence by spidering the dark web and open web (forums and paste sites). Analysts then evaluated this data, which looked at cybercrime forums and more write in either Russian, English or German. The research is skewed towards cybercrime groups. Looking for signs of nefarious activity by government intel agencies and military groups was beyond the scope of the study.

The research was released on Tuesday at the RSA security conference in San Francisco.

Next page: Showing their hand

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like