Pablo de la Riva Nov 18, 2019 14 min read

CYBERCRIME.ORG. Cybercrime as a Business

Cybercrime seems very recent and modern, but at the dizzying pace everything happens today, this is a phenomenon that has already gone through several stages of evolution and development.

If we think of a cybercriminal, we think of a hacker. We imagine a young man shut up in a dark room full of computers and screens; an odd lone wolf with great computer skills who is constantly glued to a computer keyboard.

However, this vision of a hacker has nothing to do with today's cybercriminal. In fact, cybercrime has already ceased to be a solitary and individualistic activity that takes place in a cluttered, dismal room.

Hacking has ceased to be a technical and often recreational activity, and has become a professional and business activity, where the challenge to break into the Pentagon's computer systems has been replaced by the search for targets that generate economic benefits.

The cybercriminal has also changed. It is no longer necessary to be someone with profound programming and computer science knowledge: anyone can enter the world of cybercrime if they know what they want and where to buy it.

These changes have brought about an evolution of hacking and cybercrime to a business model that has completely transformed this phenomenon. We will start at the beginning.

Many hackers say that when an acquaintance finds out that they are a hacker, the first thing he usually does is to show the hacker his girlfriend's WhatsApp or email to be able to spy on her.

This situation, which could serve as the basis to talk about many other issues, allows us to exemplify something that hackers realized, which is that they could offer their services to others. This is when the hacker goes from being someone acting on their own to being someone who can "work" for others.

The next step in this evolution is inevitable from the standpoint of productive development, service generation or Cybecrime as a Service (CaaS). Hackers can put their knowledge and skills at the service of others by generating products, executions and advice that are in demand by third parties. That is, as a hacker I am not so interested in "wasting time" on making a laughingstock of WhatsApp's security as I am in creating a tool for "jealous boyfriends" who can pay for it.

A less prosaic example of this phenomenon is the creation of the famous ransomwares to hijack companies and institutions that are put in the hands of the highest bidder. Here, the hacker distances themselves from the crime, just as someone who sells weapons is distanced from the deaths they can cause.

This "psychological distance" from the damage is very important because it means that many experts who would not dare to commit cybercrime do dare to build "applications" and sell them. What is done with them is no longer their business.


In addition, as sellers of a service, it is necessary to generate demand, create product catalogs, service tests and Research and Development (R&D) systems to continue innovating and evolve the business.  

This phenomenon has its own marketplaces, where you can find service providers, customer ratings and popularity scores, as you would find in service sectors of the business world. In some of these cybercrime markets it is not uncommon to find comments indicating that the help desk service offered by this or that hacker is friendlier and more useful than those offered by banks or certain service companies.

Different types of services compete in these markets:

  • Data as a Service (DaaS): where the service offered is the exchange of stolen data: credit cards, passwords, email addresses...
  • Hacking as a Service (HaaS): which is exactly that, making a hacker available for whatever the client needs.
  • Translation as a Service (TaaS): this is a translation and language adaptation service to improve phishing campaigns and make them seem more credible. In some cases, this service can be complementary to the design and cloning of websites so that they seem authentic.
  • Money Laundering as a Service (MLaaS): in relation to the above, phishing needs a money laundering structure, for which it usually requires the participation of so-called “mules” that are selected and provided by this service, along with the entire financial process of money laundering that is required for an effective phishing
  • Malware as a Service (MaaS): this consists in designing, building and implementing malware for third parties. These types of services are offered with a multitude of "extras": custom designs, infection guarantee, premium versions, after-sales service...

As we can see, the Cybecrime as a Service (CaaS) phenomenon shows a level of development that puts it on an equal footing with any successful company in the “legal” services sector, obtaining profits that a multitude of organizations operating in the "analog" world would be happy to have. And the fact is that the virtual world offers a series of elements that are not found in the analog, and promote and maintain the generation of crimes online:

  • Anonymity: This is the feature that is behind many cybercrimes, supplanting the identity of another person. But in turn, this ability of the internet to separate us from our physical identity is what allows criminals to "roam freely" without the possibility of being discovered. It is as if in the analog world we were all wearing balaclavas. This obviously has a great impact on the persecution and fight against cybercrime.
  • Change management: With a pair of clips or commands an application or software can be modified to overcome a security obstacle or improve its operation. This ability to cope with change, which many physical products do not have, is what makes everything online very versatile. How many computer viruses and their respective vaccines arise each month? How many patches and updates are generated in that time?
  • Ease of the market: In the virtual world we have access to millions and millions of potential customers; everyone is at hand without borders or distances. The cybercriminal's showcase is as big as the market itself.
  • Globalization: Similar to the above point, the contacts and collaborations that can be found are also infinite. We can have a group of hackers from countries thousands of kilometers away, working in coordination. We can negotiate, receive logistical support or buy a certain product anywhere in the world.
  • Profitability: A ransomware or a phishing campaign, whose cost is relatively low because its only requirements for development are knowledge and time, can generate millions of euros of profit during the time it is active. The elimination or destruction of the malware product does not generate economic losses and it can be rebuilt based on that versatility that we talked about before. Likewise, as the market is global, the possibility of gaining access to customers that may be interested in acquiring these products also enables profitability escalation. Finally, as the profits are very high, the sales prices for these products are often high also.

At this point, cybercrime is no longer an isolated or sporadic phenomenon, or even an emerging phenomenon. Today it is an authentic industry which, as has happened in analog organized crime, uses the most modern business management techniques.

Cybercriminal groups not only dedicate themselves to programming; they also devote resources to planning and coordinating activities, to marketing (as we have seen previously) and, essentially, to maximizing profits. Hierarchies, command unit, division of labor, productivity, etc., are concepts naturally incorporated by organized cybercrime. Moreover, sometimes these cybercriminal groups alternate between legal and illegal activities.

As crime is simply an instrument for obtaining benefits, the group can and does also use legal means to achieve this end. In fact, cybersecurity companies often turn to hackers or cybercriminals as part of their workforce.

Some cybercriminal organizations in Eastern countries attend cyber conventions and events to attract experts, offering them well-paid and very attractive jobs. In some cases, these professionals begin to work on the creation of software or programs that are apparently legal, but which will later be used for criminal purposes.


But one more twist to this development of organized cybercrime is precisely its current relationship with analog organized crime. Drug trafficking, terrorism, human trafficking or any other type of criminal activity linked to organized crime has realized the possibility of outsourcing some structural processes to cybercriminals.

For the most part, everything related to money laundering, financial management or intelligence strategies are services that these organizations can request from cybercriminal groups.

In turn, these synergies can be used later for joint work by the respective analog and virtual skills in cases of extortion, kidnapping, creation of false identities...

Cybercrime has changed and is changing. The speed of development of new technologies has led to this vertiginous evolution that has taken the hacker from a dark room to a large office with windows and luxurious furnishings. On many occasions they have gone from being the "weirdo" to being the CEO of a big company.

The hacker is no longer a loner; he or she is a leader or is part of a multidisciplinary and structured group that works transnationally to achieve objectives.


Pablo de la Riva

Pablo de la Riva founded his first company when he was 21 years old – a security consulting firm – and Revelock was his first software startup experience. He has been working in the anti-fraud sector for almost 15 years, first as a cyber-security analyst, then as a team leader, later as CTO with almost 200 people reporting to him and now as CEO.