Hackers are more industrialized than ever before and hacking communities now resemble an organized drug cartel, according to a report released Monday.
Imperva, a data security company, found that today’s cybercrime industry has transformed and automated itself to mimic the 19th century industrial revolution, which accelerated assembly from single to mass production.
The roles and responsibilities within the hacking community have developed to form a supply chain that resembles a drug cartel, according to the report, titled The Industrialization of Hacking.
There are three major roles within the industrialized hacking model. Firstly, the researcher searches for vulnerabilities in applications, frameworks, and products and then gives this information to malicious organizations for the sake of profit.
Secondly, a farmer maintains and increases the presence of botnets in cyberspace through mass infection. A botnet is an army of infected computers that hackers can control from a central machine.
Lastly, the dealer distributes the malicious content.
As an example of this ‘industrial revolution’, the report noted a new hacker scheme that is infecting educational servers worldwide with Viagra ads. Users get infected with malware when they visit the infected page on the legitimate education site.
“This attack on academic institutions highlights how hacking has become industrialized infecting servers from major institutions including UC Berkeley, Ohio State and more, said Imperva CTO Amichai Shulman.
Ironically, this technique is the most prevalent method used to create havoc in cyberspace, yet remains virtually unknown to the general public,” he added.
The study comes on the heels of Microsoft’s court approval to deactivate a global network of computers that the company accused of spreading spam and harmful computer codes.
Microsoft will deactivate 277 Internet domains which the company says is linked to a botnet.
Meanwhile, Google said in January they were victims of a highly sophisticated and targeted attack originating in China in mid-December, evidently to gain access to the e-mail accounts of Chinese human rights activists.
China rebutted the claim, saying that it was groundless in a statement, saying Google must abide by Chinese law.