By: Tim Young
Getting a solid grip on the true scale of the economic cost of cyber-crime is no simple task. Hackers don’t tend to put out press releases about how much they stole, and the scale of the losses are often difficult for the victims to estimate. In fact, a surprising proportion of internet breaches are ongoing and, as you read this, a hacker may be digging through some other corner of your network, siphoning sensitive information and pocketing cash. Furthermore, if you’re like many companies or governments, the last thing you plan to do is report those breaches for fear of appearing vulnerable.
Based on the best available information, however, the Center for Strategic and International Studies released a report this summer that estimated that global hacking costs the world more than $400 billion a year. That’s roughly 15% of all of the money generated by the internet. By stealing intellectual property, confidential information, and financial resources, hackers may have cost high-income countries nearly 1% of their total GDPs.
Individual malicious hackers (and as Keren Elazari sums up nicely in her recent TED talk), not all hackers are out to get you or your money. But for the purposes of this article, we’re focusing on those with a mind for malice. These hackers can earn well in excess of $10,000 a week, and they have a reach that is truly global. Borders and walls may keep out burglars and vandals, but doesn’t do much against cyber-invaders.
Furthermore, the consequences of breaches in network security go well beyond the financial realm. For example, as governments worldwide look for ways to make voting more accessible, especially for those for whom travel to a physical polling place is difficult or impossible, internet voting is a natural move. But as a recent story in the Globe & Mail points out, as e-voting continues to gain traction, so does the risk of hacked elections. And I, for one, do not look forward to the day when I have to see a picture of the unanimously elected President L33tKillz47 at the post office.
But who are these hackers? John Trobough, president of cyber security firm (and Boeing subsidiary) Narus, recently posted a pretty handy infographic on that company’s blog that nicely outlines the hacker archetypes that currently swirl through the deep web.
These are the financially motivated hackers coming for your cash and credit card information. Working alongside a syndicate of other pros, these hackers grab corporate or personal financial assets or data they can sell.
What kinds of prices does this data fetch? Surprisingly little, in isolation. A recent CNBC story reported that on the so-called “dark web,” the shadiest corner of the deep web, credit card information is only worth a few cents. Social security numbers fetch about a dollar apiece. Distributed denial of service (DDOS) attacks can be bought for around seven bucks and hour, and medical records fetch closer to fifty dollars. There are bigger paydays out there, of course—exploits and malware and high-value bank account information—but the idea that each credit card number is a hot commodity worth thousands isn’t accurate.
But there is an alarming uptick and higher level of organization and sophistication, according to cybersecurity experts Ari Gomez of Verizon and Bruce Roton of Level 3 who recently took part in a panel discussion on the topic at Pipeline's COMET Executive Summit in San Diego last week. According to the latest data, credit card information is climbing to $100 per card and, in an interesting development, your digital credentials may be worth even more. Your username and password, essentially your digital identity, is quickly becoming the prize.