Cyber criminals have taken to headhunting in order to counter the skill shortages afflicting the technology sector proving that the quest for scarce talent is right across the board.
According to researchers at the UK’s National Crime Agency and investigators retained by the Indian Stock Exchange, cyber criminals are now running global headhunting and schooling exercises in pursuit of the talent that they need and pay fees far in excess of large companies.
During intensive research over the past year into gaming and hacking groups on the internet, UK police officers claim that cybercrime gangs have deliberately developed grooming techniques to guarantee the flow of recruits they need and that a core part of their agenda is to erode moral values in their targets.
“The befriendment starts in the forums and people, usually young kids, are encouraged to be more participative and they are often congratulated and told how clever they are and all of those sorts of things that they might not be getting in the real world. So it’s like grooming for sex, you dare them to do something and then encourage them to do riskier things,” said Ian Glover, President of the cyber security accreditation group Crest, which worked on a report into the trend with the NCA.
“It’s the same thing with hacking you start off by daring them by saying things like I bet you can’t get some credentials and that then becomes a target and a challenge, and these people are really bright, really talented people and they like challenges. So you give them a few challenges and that starts to socialise them and make acceptable some of those activities.”
According to the NCA researchers, the recruitment process starts with computer gaming where young children anxious for kudos with friends search out ‘cheats’ that help them get higher scores and find ways around particular obstacles. This practice can quickly lead onto to software modification which they need extraction software for so they can open the code of the games they are playing on.
“It’s the extraction tools that the children are interested in but they then migrate to the forums where those tools and things are discussed but the fact that you are using extraction tools means that you are already marginally on the illegal side because you are doing modifications to the game so in theory you are breaching IPR laws.
“The children are already slipping into the area of thinking well it’s ok to break code and extract stuff and that starts to socialise the idea that that’s an acceptable thing to do,” said Glover, who added that such grooming was particularly successful with more ‘geeky’ children who tend to use the internet socially because they find it easier to interact there.
The children are already slipping into the area of thinking well it’s ok to break code and extract stuff and that starts to socialise the idea that that’s an acceptable thing to do
“They move from a face to face physical element into a gaming element where they have lots of international friends and friends from other places and then they move to a hacking community where they once again achieve an extension to their online social network and their online social standing starts to increase.
“So what happens is their social standing with their normal community starts to diminish and their social standing in their online group starts to increase.”
Critics of the research have pointed out that the patterns identified by the police are simply the same as those used in any social group and that what the police are seeing is just the activity of people who are interested in a particular topic discussing it.
A criticism that the police have rejected, pointing out that monitoring individual’s behaviour on the forums is a logical thing for criminals to do and that there is clear proof that cybercrime gangs seed hacking forums with code to generate ‘white noise’ campaigns – large amounts of low-level hacking activity that distract defenders in the run-up to an attack.
This use of internet forums has also been noticed by researchers working on behalf of multi-national companies, according to Narayan Neelakantan, the Chief Security Officer for the National Stock Exchange of India, who says that an active headhunting system for criminal projects has been developed on the dark web.
“It’s very clear that the criminals have requirements for talent in exactly the same way that large companies do. You have to be introduced into the forums where they are looking for talent and there you see the requirements for projects.
“The information is always very sketchy, the only thing that is not is the amount they are offering for each task, which is always set out in bitcoin and typically the prices being offered are 100s of bitcoin.”
A headhunting process that follows very closely the methods used by legal companies developing software for their own purposes.
“What is noticeable is that the criminals are now working together in exactly the same way that large companies do. They group together they form a team in the same way that project teams are formed by companies and they then execute whatever hack or crime that they want to do. Once they have carried out their project they then make the tools and resources that they have developed freely available to others,” said Neelakantan, adding that exactly like head-hunters trying to staff up legitimate projects, that the details on the work at the advertising stage are deliberately vague.
“These people are very selective on what they post. They don’t want to leave any trail or even have some kind of remote connection to what target they are aiming for. Sometimes they try and camouflage what they are doing, sometimes it’s made to look like a bounty hunter request.
“The request is often very simple and it could be something like we know of a number of vulnerabilities in a certain type of operating system do you have the skills to exploit them?” said Neelakantan, adding: “I think it is due to the skills shortage, but there is a lot of attraction to go to the bad side because it is easy money and because large companies cannot afford to pay that sort of salary.”
Indeed, what is striking about the trends is the development of two different worlds – the world of the web and the world of the street – where the systems used are almost identical and the only difference is an interpretation of morality.
Which has left UK police with the tricky task of trying to identify and head off those children it suspects may be drawn to the dark side and diverting them into rewarding, challenging and legal programming activities according to Glover.
As one observer once commented on the development of Russian cybercrime: “while the US was busy making Silicon Valley, their equivalents in Russia started to build Silicon Hell.”
A possibly unfair singling out of Russia but a comment that underlines that cybercrime now is more and more a battle for hearts and minds and one the police are losing.