Cybercrime is (often) boring: Maintaining the infrastructure of cybercrime economies


It is generally accepted that the widespread availability of specialist services has helped drive the growth of cybercrime in the past fifteen to twenty years. Individuals and groups involved in cybercrime no longer need to build their own botnet or send their own spam because they can pay others to do these things. What has seldom been remarked upon is the amount of tedious administrative and maintenance work put in by these specialist suppliers. There is much discussion of the technically sophisticated work of developing new strains of malware or identifying zero-day exploits but the mundane nature of the day to day tasks of operating infrastructure has been almost entirely overlooked. Running bulletproof hosting services, herding botnets, or scanning for reflectors to use in a denial of service attack is unglamorous and tedious work, and is little different in character from the activity of legitimate sysadmins. We provide three case studies of specialist services that underpin illicit economies and map out their characteristics using qualitative sociological research involving interviews with infrastructure providers and scraped data from webforums and chat channels. This enables us to identify some of the distinct cultural and economic factors which attend this infrastructural work and to note, in particular, how its boring nature leads to burnout and the withdrawal of services. This leads us to suggest ways in which this new understanding could open novel avenues for the disruption of cybercrime.

Workshop on the Economics of Information Security