Abstract
This chapter explores the cybercrime-as-a-service operations that have changed the cybercrime marketplace from a direct sales model to a managed service model. As cybercrime evolved, so did the motivation and skill of the hackers. What began as a highly skilled activity undertaken by individuals driven by curiosity and research grew to a horde of lightly trained yet motivated young people looking for notoriety and/or a quick profit as tools became easier to use and more readily available. As the ability to profit from cybercrime grew exponentially, hackers began to sell their services, and eventually it was more profitable and less risky to sell a packaged cybercrime as a service than commit the crime. The cybercrime-as-a-service operations now involve many types of cybercrime including botnets, distributed denial of service attacks (DDoS), credit card fraud, malware, spam, and phishing attacks. The services are sold through hacker forums, direct web sales, and on the dark web using cryptocurrency. The world’s law enforcement agencies have recognized the threat of cybercrime-as-a-service operations, and there have been recent high-profile arrests of the operators and takedowns of the cybercrime-as-a-service operations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alhomoud, A., Awan, I., Disso, J., & Younas, M. (2013). A next-generation approach to combating botnets. Computer, 46(4), 62–66. Retrieved from http://doi.ieeecomputersociety.org/10.1109/MC.2013.67.
Alnabulsi, H., & Islam, R. (2018). Identification of illegal forum activities inside the dark net. In 2018 international conference on machine learning and data engineering (iCMLDE). https://doi.org/10.1109/iCMLDE.2018.00015.
Arbor Networks. (2015, January). Arbor networks 10th annual worldwide infrastructure security report finds 50X increase in DDoS attack size in past decade. Press Release. Retrieved from http://www.arbornetworks.com/arbor-networks-10th-annual-worldwide-infrastructure-security-report-finds-50x-increase-in-ddos-attack-size-in-past-decade
Arghire, I. (2017a). Poison Ivy RAT campaign leverges new delivery techniques. Security Week. Retrieved from https://www.securityweek.com/poison-ivy-rat-campaign-leverages-new-delivery-techniques
Arghire, I. (2017b). Neverquest trojan ceases operations. Security Week. Retrieved from https://www.securityweek.com/neverquest-trojan-ceases-operations
Bacurio, F., & Salvio, J. (2017). A peculiar case of Orcus RAT targeting bitcoin investors. Fortinet.com. Retrieved from https://www.fortinet.com/blog/threat-research/a-peculiar-case-of-orcus-rat-targeting-bitcoin-investors.html
Bedwell, P. (2016). Exploit kits for drive by download attacks. Alienvalut.com. Retrieved from https://www.alienvault.com/blogs/security-essentials/exploit-kits-for-drive-by-download-attacks
Bell, S. (2018). The dark art of malware creation. BullGuard Blog. Retrieved from https://www.bullguard.com/blog/2018/02/the-dark-art-of-malware-creation
Benjamin, V., Li, W., Holt, T., & Chen, H. (2015). Exploring threats and vulnerabilities in hacker web: Forums, IRC and carding shops. In Proceedings of the 2015 IEEE international conference on intelligence and security informatics. Baltimore. https://doi.org/10.1109/ISI.2015.7165944.
Botsman, R. (2017). How darknet sellers build trust, the Amazon for drug dealing is built around user reviews. Nautilus. Retrieved from http://nautil.us/issue/55/trust/how-darknet-sellers-build-trust
Brison, U. (2015, February). ‘Fullz’, ‘Dumps’, and more: Here’s what hackers are selling on the black market. Venturebeat.com. Retrieved from https://venturebeat.com/2015/02/08/fullz-dumps-and-cvvs-heres-what-hackers-are-selling-on-the-black-market/
Buntz, B. (2017). 8 strategies to transition to a product-as-a-service business model. IoT World Today. Retrieved from https://www.iotworldtoday.com/2017/06/14/8-strategies-transition-product-service-business-model/
Cao, L, & Qiu, X. (2013, July). Defense against botnets: A formal definition and a general framework. In Proceedings of the 2013 IEEE eighth international conference on networking, architecture, and storage, Xi’an, Shaanxi, China, pp. 237–-241. Retrieved from http://doi.ieeecomputersociety.org/10.1109/NAS.2013.37
Cimpanu, C. (2016). You can rent a Mirai botnet of 400,000 bots. Bleeping Computer. Retrieved from https://www.bleepingcomputer.com/news/security/you-can-now-rent-a-mirai-botnet-of-400-000-bots/
CISA. (2018). Security tip (ST18-004), protecting against malicious code. Cyber and Infrastructure Security Agency. Retrieved from https://www.us-cert.gov/ncas/tips/ST18-271
Computer Fraud and Abuse Act of 1986. (2012). 18 U.S.C. Section 1030. Retrieved from https://www.law.cornell.edu/uscode/text/18/1030
Cooke, E., Jahanian, F., McPherson, D. (2005). The zombie roundup: Understanding, detecting, and disrupting botnets. In Proceedings of the steps to reducing unwanted traffic on the internet workshop 2005, Cambridge, MA. Retrieved from https://www.usenix.org/legacy/events/sruti05/tech/full_papers/cooke/cooke.pdf
Cooney, M. (2010). Researchers unsheathe new tool to battle botnets. Network World. Retrieved from https://www.networkworld.com/article/2231293/researchers-unsheathe-new-tool-to-battle-botnets.html
Crozier, R. (2009). Cybercrime-as-a-service takes off. ITNews.com. Retrieved from https://www.itnews.com.au/news/cybercrime-as-a-service-takes-off-139711
Curran, D. (2018). My terrifying deep dive into one of Russia’s largest hacking forums. The Guardian. Retrieved from https://www.theguardian.com/commentisfree/2018/jul/24/darknet-dark-web-hacking-forum-internet-safety.
De Groot, J. (2019). A history of ransomware attacks: The biggest and worst ransomware attacks of all time. Data Guardian. Retrieved from https://digitalguardian.com/blog/history-ransomware-attacks-biggest-and-worst-ransomware-attacks-all-time
Dhanjani, N., & Rios, B. (2008). Bad sushi: Beating phishers at their own game. Presented at the Annual Blackhat Meetings, Las Vegas, Nevada.
Dittrich, D. (2012). So you want to take over a botnet. In Proceedings of the 5th USENIX workshop on large-scale exploits and emergent threats, LEET ‘12. San Jose. Retrieved from https://www.usenix.org/system/files/conference/leet12/leet12-final23.pdf
DOJ. (2018a). Akron man arrested and charged for launching denial of service attacks that shut down web sites for city of Akron and Akron Police Department. DOJ. [Press Release]. Retrieved from https://www.justice.gov/usao-ndoh/pr/akron-man-arrested-and-charged-launching-denial-service-attacks-shut-down-web-sites
DOJ. (2018b). Latvian national pleads guilty to “Scareware” hacking scheme that targeted Minneapolis star tribune website. DOJ. [Press Release]. Retrieved from https://www.justice.gov/opa/pr/latvian-national-pleads-guilty-scareware-hacking-scheme-targeted-minneapolis-star-tribune
Du, P., Zhang, N., Ebrahimi, M., Samtani, S., Lazarine, B., Arnold, N., Dunn, R., Suntwal, S., Angeles, G., Schweitzer, R., & Chen, H. (2018). Identifying, collecting, and presenting hacker community data: Forums, IRC, carding shops, and DNMs. 2018 IEEE international conference on intelligence and security informatics (ISI). https://doi.org/10.1109/ISI.2018.8587327.
Egan, M. (2019). What is the dark web & how to access it. Tech Advisor. Retrieved from https://www.techadvisor.co.uk/how-to/internet/dark-web-3593569/
Europol. (2017). Five arrested for spreading ransomware throughout Europe and US. Europol. [Press Release]. Retrieved from https://www.europol.europa.eu/newsroom/news/five-arrested-for-spreading-ransomware-throughout-europe-and-us
Europol. (2018). World’s biggest marketplace selling Internet paralyzing DDOS attacks taken down. Europol. [Press Release]. Retrieved from https://www.europol.europa.eu/newsroom/news/world’s-biggest-marketplace-selling-internet-paralysing-ddos-attacks-taken-do
FBI. (2017). Darknet takedown authorities shutter online criminal market AlphaBay. FBI.gov. Retrieved from https://www.fbi.gov/news/stories/alphabay-takedown
Fireeye. (2014). Poison Ivy: Assessing damage and extracting intelligence. Fireeye. Retrieved from https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf
Franklin, J., Paxson, V., Perrig, A., & Savage, S. (2007). An inquiry into the nature and cause of the wealth of internet miscreants. Paper presented at CCS07, October 29–November 2, 2007 in Alexandria, VA.
Fruhlinger, J. (2018). What is ransomware? How these attacks work and how to recover from them. CSO Online. Retrieved from https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-works-and-how-to-remove-it.html
Fruhlinger, J. (2019). What is phishing? How this cyber attack works and how to prevent it. CSO Online. Retrieved from https://www.csoonline.com/article/2117843/what-is-phishing-how-this-cyber-attack-works-and-how-to-prevent-it.html
F-Secure. (2018). SPAM is still choice of online criminals, 40 years later. F-Secure. Retrieved fromhttps://press.f-secure.com/2018/07/31/spam-is-still-the-choice-of-online-criminals-40-years-later/
FTC. (2019). Malware. Federal Trade Commission. Retrieved from https://www.consumer.ftc.gov/articles/0011-malware
Grebennikov, N. (2007). Keyloggers: How they work and how to detect them. Kaspersky Lab. Retrieved from https://securelist.com/keyloggers-how-they-work-and-how-to-detect-them-part-1/36138/
Greenberg, A. (2013). End of the silk road: FBI says it’s busted the web’s biggest anonymous drug black market. Forbes. Retrieved from https://www.forbes.com/sites/andygreenberg/2013/10/02/end-of-the-silk-road-fbi-busts-the-webs-biggest-anonymous-drug-black-market/#3581cac65b4f
Greenberg, A. (2018). Operation bayonet: Inside the sting that hijacked an entire dark web drug market. Weird. Retrieved from https://www.wired.com/story/hansa-dutch-police-sting-operation/
Guccione, D. (2019). What is the dark web? How to access it and what you’ll find. CSO Online. Retrieved from https://www.csoonline.com/article/3249765/what-is-the-dark-web-how-to-access-it-and-what-youll-find.html
Hahad, M. (2018). Ransomware-as-a-service: Hackers’ big business. Security Magazine. Retrieved from https://www.securitymagazine.com/articles/88786-ransomware-as-a-service-hackers-big-business
Hamandi, K., Salman, A., Elhajj, I., Chehab, A., & Kayssi, A. (2015). Messaging attacks on Android: Vulnerabilities and intrusion detection. Mobile Information Systems, 2015, 1–13. https://doi.org/10.1155/2015/746930.
Herley, C., & Florencio, D. (2010). Nobody sells gold for the price of silver: Dishonesty, uncertainty and the underground economy. In T. Moor, D. J. Pym, & C. Ionnidis (Eds.), Economics of information security and privacy (pp. 35–53). New York: Springer.
Holt, T. (2013). Examining the forces shaping cybercrime markets online. Social Science Computer Review, 31, 165–177. Retrieved from https://journals.sagepub.com/stoken/default+domain/H3WiYFUj8TAJJXtbUE9e/full.
Holt, T. (2014). Understanding the underground economy for stolen data (ACJS Today, November 2014). Greenbelt: Academy of Criminal Justice Sciences. Retrieved from http://www.acjs.org/uploads/file/ACJS_Today_November_2014.pdf.
Holt, T. J., & Lampke, E. (2010). Exploring stolen data markets on-line: Products and market forces. Criminal Justice Studies, 23, 33–50.
Holt, T. J., Smirnova, O., & Chua, Y.-T. (2016). Exploring and estimating the revenues and profits of participants in stolen data markets. Deviant Behavior, 37(4), 353–367.
Holz, T., Engelberth, M., & Freiling, F. (2009). Learning more about the underground economy: A case-study of keyloggers and dropzones. In M. Backes & P. Ning (Eds.), Computer security-ESCORICS (pp. 1–18). Berlin/Heidelberg: Springer.
Hord, J. (2019). How SMS works. Howstuffworks.com. Retrieved from https://computer.howstuffworks.com/e-mail-messaging/sms.htm
Huang, K., Siegel, M., & Madnick, S. (2017). Cybercrime-as-a-service: Identifying control points to disrupt. Interdisciplinary consortium for improving critical infrastructure cybersecurity, MIT. Retrieved from http://web.mit.edu/smadnick/www/wp/2017-17.pdf
Hutchings, A., & Clayton, R. (2016). Exploring the provision of online booter services. Deviant Behavior, 37, 1163–1178.
Hyslip, T., & Holt, T. (2019). Assessing the capacity of DDoS-for-hire services in markets. Deviant Behavior. https://doi.org/10.1080/01639625.2019.1616489
Hyslip, T., & Pittman, J. (2015). A survey of botnet detection techniques by command and control infrastructure. The Journal of Digital Forensics, Security, and Law, 10(1), 7–26.
Imperva. (2019). Botnet DDoS attacks. Imperva.com. Retrieved from https://www.imperva.com/learn/application-security/botnet-ddos/?utm_campaign=Incapsula-moved
Jackson, D. (2007). Gozi Trojan. Secureowrks.com. Retrieved from https://www.secureworks.com/research/gozi
Karami, M., & McCoy, D. (2013). Understanding the emerging threat of DDoS-as-a-Service. In Proceedings of the 6th USENIX workshop on large-scale exploits and emergent threats.
Karami, M., Park, Y., & McCoy, D. (2015). Stress testing the booters: Understanding and undermining the business of DDoS services. WWW2016, 1033–1044.
Kaspersky. (2019). What is a botnet. Kaspersky Lab. Retrieved from https://usa.kaspersky.com/resource-center/threats/botnet-attacks
Kim, E., McDaniel, P., & LaPorta, T. (2013). A detection mechanism for SMS flooding attacks in cellular networks. In Proceedings of the 9th international conference on security and privacy in communication systems. Sydney.
Knote, M., Perdisci, R., & Feamster, N. (2015). ASwatch: An AS reputation system to expose bulletproof hosting ASes. In Proceedings of SIGCOMM 2015. London. Retrieved from https://conferences.sigcomm.org/sigcomm/2015/pdf/papers/p625.pdf
Kolias, C., Kambourakis, G., Stabrou, A., & Voas, J. (2017). DDoS in the IoT: Mirai and other botnets. Computer, 50(7), 80–84.
Krebs, B. (2010). Body armor for the bad web sites. Krebs on Security. Retrieved from https://krebsonsecurity.com/2010/11/body-armor-for-bad-web-sites/
Krebs, B. (2014). Peek inside a professional carding shop. Krebs on Securty. Retrieved from https://krebsonsecurity.com/2014/06/peek-inside-a-professional-carding-shop/
Krebs, B. (2017). Ransomware for dummies: Anyone can do it. Krebsonsecurity.com. Retrieved from https://krebsonsecurity.com/tag/philadelphia-ransomware/
Krebs, B. (2019). Canadian police raid “Orcus RAT” author. KrebsonSecurity.com. Retrieved from https://krebsonsecurity.com/2019/04/canadian-police-raid-orcus-rat-author/
Kwon, K.-N., & Lee, J. (2003). Concerns about payment security of internet purchases: A perspective on current on-line shoppers. Clothing and Textiles Research Journal, 21(4), 174–184.
Laing, B. (2018). Malware-as-a-service: The 9-to-5 of organized cybercrime. Lastline.com. Retrieved from https://www.lastline.com/blog/malware-as-a-service-the-9-to-5-of-organized-cybercrime/
Lewis, J. (2018). Economic impact of cybercrime – No slowing down. McAfee. Retrieved from https://www.mcafee.com/enterprise/en-us/solutions/lp/economics-cybercrime.html
Lynch, S. (2018). U.S. shuts down cyber crime ring launched by Ukrainian. Reuters. Retrieved from https://www.reuters.com/article/us-usa-cybercrime/u-s-shuts-down-cyber-crime-ring-launched-by-ukrainian-idUSKBN1FR2M7
Manky, D. (2013). Cybercrime as a service: A very modern business. Computer Fraud and Security, 6, 9–13.
Mark, J. (2019). SMS attacks on the risk in 2019. DFNDR Blog. Retrieved from https://www.psafe.com/en/blog/sms-attacks-on-the-rise-in-2019/
Martindale, J. (2018). From pranks to nuclear sabotage, this is the history of malware. Digitaltrends.com. Retrieved from https://www.digitaltrends.com/computing/history-of-malware/
Mathews, L. (2016). World’s biggest Mirai botnet is being rented out for DDoS attacks. Forebes.com. Retrieved from https://www.forbes.com/sites/leemathews/2016/11/29/worlds-biggest-mirai-botnet-is-being-rented-out-for-ddos-attacks/#79bf817358ad
McAfee. (2013a). What is a “Drive-By” download? McAfee. Retrieved from https://securingtomorrow.mcafee.com/consumer/family-safety/drive-by-download/
McAfee. (2013b). What is a keylogger? McAfee. Retrieved from https://securingtomorrow.mcafee.com/consumer/family-safety/what-is-a-keylogger/
McAfee. (2018). Economic impact of cybercrime – No slowing down. McAfee. Retrieved from https://www.mcafee.com/enterprise/en-us/assets/reports/restricted/rp-economic-impact-cybercrime.pdf
Medium. (2018). Protect your website: How to avoid SMS traffic flooding attacks. Medium.com. Retrieved from https://medium.com/@Alibaba_Cloud/protect-your-website-how-to-avoid-sms-traffic-flooding-attacks-d8d9561dcdeb
Mendoza, M. (2016). The cybercrime business model and its value chain. Welivesecuirty.com. Retrieved from https://www.welivesecurity.com/2016/12/08/cybercrime-business-model-value-chain/
Microsoft. (2018). Exploits and exploit kits. Microsoft.com. Retrieved from https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/exploits-malware
Moreno, M. (2016). Malware as a service: As easy as it gets. WebRoot. Retrieved from https://www.webroot.com/blog/2016/03/31/malware-service-easy-gets/
Motoyama, M., McCoy, D., Levchenko, K., Savage, S., & Voelker, G. M. (2011). An analysis of underground forums. IMC, 11, 71–79.
Mullis, S. (2013). Cybercriminal intent: How to build your own botnet in less than 15 minutes. Fireeye. Retrieved from https://www.fireeye.com/blog/executive-perspective/2013/08/cybercriminal-intent-how-to-build-your-own-botnet-in-less-than-15-minutes.html
NJCCIC. (2017). Poison Ivy. Trojan Variants. Retrieved from https://www.cyber.nj.gov/threat-profiles/trojan-variants/poison-ivy
NJCCIC. (2019). Exploit kits. NJCCIC. Retrieved from https://www.cyber.nj.gov/threat-profiles/exploit-kits/
Noga. (2017). New “dissain” exploit kit may signal reemergence of the popular hacker tool. Intsights.com. Retrieved from https://www.intsights.com/blog/new-disdain-exploit-kit-may-signal-reemergence-of-the-popular-hacker-tool
Norton. (2019a). What is bulletproof hosting. Norton by Symantec. Retrieved from https://us.norton.com/internetsecurity-emerging-threats-what-is-bulletproof-hosting.html
Norton. (2019b). What is malware and how can we prevent it. Norton.com. Retrieved from https://us.norton.com/internetsecurity-malware.html
Oikarinen, J., & Reed, D. (1993). Internet relay chat protocol RFC 1459. Internet Engineering Task Force. Retrieved from http://tools.ietf.org/html/rfc1459.html
Otto, G. (2018). Asia’s hackers are finding a home on the dark web. Cyberscoop. Retrieved from https://www.cyberscoop.com/asia-dark-web-china-hackers-intsights/
Paganini, P. (2013). Cybercrime as a service. Infosec Institute. Retrieved from https://resources.infosecinstitute.com/cybercrime-as-a-service/#gref
Palmer, D. (2016). Phishing-as-a-service is making it easier than ever for hackers to steal your data. ZDNet. Retrieved from https://www.zdnet.com/article/phishing-as-a-service-is-making-it-easier-than-ever-for-hackers-to-steal-data/
Palmer, D. (2017). New dark web scheme lets wannabe cybercriminals get in on ransomware – for free. ZDNet. Retrieved from https://www.zdnet.com/article/new-dark-web-scheme-lets-wannabe-cybercriminals-get-in-on-ransomware-for-free/
Palmer, D. (2018). What is ransomware? Everything you need to know about one of the biggest menaces on the web. ZDNet.com. Retrieved from https://www.zdnet.com/article/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web/
Palotay, D. (2017). Ransomware as a Service (RaaS): Deconstructing Philadelphia. Sophos. Retrieved from https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/RaaS-Philadelphia.pdf?la=en
Patterson, D. (2018). Dark web: A cheat sheet for business professionals. TechRepublic. Retrieved from https://www.techrepublic.com/article/dark-web-the-smart-persons-guide/
Proofpoint. (2017). Philadelphia ransomware brings customization to commodity malware. Proofpoint. Retrieved from https://www.proofpoint.com/us/threat-insight/post/philadelphia-ransomware-customization-commodity-malware
Proofpoint. (2018). Proofpoint threat report: Banking Trojans dominate the malware landscape in the first months of 2018. Proofpoint.com. Retrieved from https://www.proofpoint.com/us/threat-insight/post/proofpoint-threat-report-banking-trojans-dominate-malware-landscape-first-months
Rankin, B. (2018). A brief history of malware – Its evolution and impact. Lastline.com. Retrieved from https://www.lastline.com/blog/history-of-malware-its-evolution-and-impact/
Rendell, D. (2019). Understanding Malware. Computer Fraud and Security 2019(1):17–19. https://doi.org/10.1016/S1361-3723(19)30010-7
Rossow, C., & Gortz, H. (2014). Amplification hell: Revisiting network protocols for DDoS abuse. In Proceedings of the 2014 Network and Distributed System Security (NDSS) symposium. San Diego. Retrieved from http://www.internetsociety.org/sites/default/files/01_5.pdf
RSA. (2019). Drive-by download. [White paper]. RSA. Retrieved from https://www.rsa.com/content/dam/en/case-study/asoc-drive-by-download.pdf
Rutherford, R. (2018). The changing face of phishing. Computer Fraud and Security, 2018(11), 6–8. https://doi.org/10.1016/S1361-3723(18)30107-6.
Schwartz, M. (2017). Rent the latest exploit toolkit for $80 per day. Bank Info Security. Retrieved from https://www.bankinfosecurity.com/rent-latest-exploit-toolkit-for-80-per-day-a-10201
Seals, T. (2018). Bad botnet growth skyrockets in 2017. Insecurity Magazine. Retrieved from https://www.infosecurity-magazine.com/news/bad-botnet-growth-skyrockets-in/
Searchsecurity. (2019). Keylogger (keystroke logger or system monitor). Tech Target. Retrieved from https://searchsecurity.techtarget.com/definition/keylogger
SentinelOne. (2016). What is “bulletproof hosting” and why should you worry? SentinelOne.com. Retrieved from https://www.sentinelone.com/blog/what-is-bulletproof-hosting-and-why-should-you-worry/
SETI. (2019). SETI@Home. Berkeley SETI. Retrieved from https://setiathome.berkeley.edu/
Shapira, Y. (2018). DarkSky Botnet. Radware Blog. Retrieved from https://blog.radware.com/security/2018/02/darksky-botnet/
Sood, A., & Enbody, R. (2013). Crimeware-as-a-service-A survey of commoditized crimeware in the underground market. International Journal of Critical Infrastructure Protection, 6, 28–38. https://doi.org/10.1016/j.ijcip.2013.01.002.
Spamhaus. (2019). The definition of Spam. Spamhaus. Retrieved from https://www.spamhaus.org/consumer/definition/
Stefnission, S. (2018). Malware businesses blending the legitimate and the illegitimate. Security Week. Retrieved from https://www.securityweek.com/malware-businesses-blending-legitimate-and-illegitimate
Trend Micro. (2019). Command and Control [C&C] server. Trend Micro. Retrieved from https://www.trendmicro.com/vinfo/us/security/definition/command-and-control-server
Turiel, A. (2017a). Build, buy, or lease? The 15 minute botnet. Cyren Security Blog. Cyren.com. Retrieved https://www.cyren.com/blog/articles/build-buy-or-lease-the-15-minute-botnet
Turiel, A. (2017b). Legitimate botnets do exist. Cyren Security Blog. Cyren.com. Retrieved from https://www.cyren.com/blog/articles/legitimate-botnets-do-exist
Turkel, D. (2015). There are now programs that anyone can use to extort money from you. Business Insider. Retrieved from https://www.businessinsider.com/ransomware-as-a-service-is-the-next-big-cyber-crime-2015-12
Veracode. (2019). Rootkit: What is a rootkit? Veracode. Retrieved from https://www.veracode.com/security/rootkit
Vipre. (2019). Security 101: Combat exploit kits with patch management. [White Paper]. Vipre.com. Retrieved from https://www.vipre.com/wp-content/uploads/2017/06/Security-101-Exploits.pdf
Wainwright, R., & Cilluffo, F. (2017). Responding to cybercrime at scale: Operation Avalanche – A case study. Center for Cyber & Homeland Security, The George Washington University. Retrieved from https://cchs.gwu.edu/sites/g/files/zaxdzs2371/f/Responding%20to%20Cybercrime%20at%20Scale%20FINAL.pdf
Wales, F. (2014). 10 signs a career in coding and software development might be right for you. The Guardian. Retrieved from https://www.theguardian.com/careers/ten-signs-career-coding-software-development-right-for-you
Webroot. (2013). How much does it cost to buy 10,000 U.S.-based malware-infected hosts? Webroot.com. Retrieved from https://www.webroot.com/blog/2013/02/28/how-much-does-it-cost-to-buy-10000-u-s-based-malware-infected-hosts/
Whitaker, Z. (2016). BBC, Trump web attacks “just the start,” says hacktivist group. ZDNet. Retrieved from http://www.zdnet.com/article/attackers-targeting-bbc-donald-trump-amazon-web-services/
Williams, R., Samtani, S., Patton, M., & Chen, H. (2018). Incremental hacker forum exploit collection and classification for proactive cyber threat intelligence: An exploratory study. In Proceedings of the 2018 IEEE International Conference on Intelligence and Security Informatics (ISI). Miami. https://doi.org/10.1109/ISI.2018.8587336.
Witkoswki, T. (2001). Credit fraud usually starts with paper trail. Cincinnati Business Courier. Retrieved from https://www.bizjournals.com/cincinnati/stories/2001/02/12/focus4.html
Yip, M., Webber, C., & Shadbolt, N. (2013). Trust among cybercriminals? Carding forums, uncertainty, and implications for policing. Policing and Society, 23, 1–24.
Zargar, S., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (distributed denial of service) flooding attacks. IEEE Communications Surveys and Tutorials, PP(99), 1–24.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 The Author(s)
About this entry
Cite this entry
Hyslip, T.S. (2020). Cybercrime-as-a-Service Operations. In: Holt, T., Bossler, A. (eds) The Palgrave Handbook of International Cybercrime and Cyberdeviance. Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-319-78440-3_36
Download citation
DOI: https://doi.org/10.1007/978-3-319-78440-3_36
Published:
Publisher Name: Palgrave Macmillan, Cham
Print ISBN: 978-3-319-78439-7
Online ISBN: 978-3-319-78440-3
eBook Packages: Law and CriminologyReference Module Humanities and Social SciencesReference Module Business, Economics and Social Sciences