> I am amazed at how well these criminals from another country know the details of the systems in the US when we in the US have probably a handful of people who understand the end-to-end line they do.
It’s quite literally a criminals job to understand and abuse these systems, and there’s very clear link between their performance and their reward. Makes for a good motivator.
People frequently underestimate criminals because they don’t appreciate that these individuals are doing this work as full time job. I’m sure if you spent 8 hours a day for week, you’ll have an equally good understanding.
I always find it ironic that for all but the most lucrative criminal enterprises, if the criminal applied the same amount of effort towards pursuing legitimate employment, they would come out ahead (adjusted for risk of course).
Some people just enjoy "getting over" more, to the point that they will discount their labor used for such schemes.
I don't think that's true. The criminals you hear are the only ones who get caught.
In fact, I would say criminal activities have a higher risk-adjusted return than legitimate activities, simply because there's less "supply" in this labour market due to moral reasons and risk-aversion.
As an example, let's say you find a zero-day that gives you access to any FAMG account. Their responsible disclosure programs will pay you probably ~$31,337 (real example from Google).
If you sell that on the darkweb as a "hax any Google account as service", while it is more effort, you could absolutely clear multi-millions from it (charge $50k per account hijack; which itself can lead to millions in fraud profits or selling intellectual property; etc; can maybe pull this off 50 times before it gets patched = $2.5 million).
Not to mention you'd probably be able to sell it to Saudi Arabia and Israel for anywhere from six to eight digits too depending on their operational needs.
So that's a >80x increase in earnings if you go the criminal route. It's more work, but there are brokers who will happily do the heavy lifting for you in exchange for taking a cut of the profits.
And if you reside in a country where the government essentially encourage hacking Western companies as long as you don't hack properties of your own nation (e.g. China; Russia), then the risk to you is virtually zero (as long as you don't plan to travel to a western-extradition country).
for all but the most lucrative criminal enterprises
What you described is top-notch hacking and super high risk (99,99% of such criminals probably never deal directly with governments).
Seems similar to claim that acting pays well and take the example of Tom Cruise to prove it.
The recent interview of Marcus Hutchins says something else: he's been working full time as black hat and realized afterwards that being a white hat pays better.
I work in preventing financial crime, so I have some useful context on this.
Unless your hitting the big leagues (stealing millions to tens of millions of dollars) then the odds of you actually getting caught and prosecuted are basically 0.
This sounds silly, but it’s mostly driven by the fact that most traditional law enforcement agency (i.e. the police) don’t understand or are interested in preventing financial crime. It’s too abstract, doesn’t have a physical component, and frequently the criminals will be completely different jurisdictions to victims.
Even when you provide the police with the home address and photo ID of a financial criminal to the police, they usually won’t do anything. Again they don’t understand the crime, they don’t have the training to investigate and they don’t know what evidence is needed to prosecute. Finally the police are usually rated by the public on the number of shootings and stabbing that didn’t happen, rather than dollars not stolen.
So the only agencies that actually pursue financial criminals are people like the secret service in the US, and the City of London fincrime team in the UK.
Both relatively small agencies compared to a national police force. The end result is they only pursue whales, people and organisations that have stolen millions from one person or organisation.
If you’re not a whale, then no ones gonna chase you. You can spend years ripping off grandma‘s at $10k a pop, and no law enforcement agency will care.
Social engineering, much hacking, scamming, etc. don't care about race or gender or connections or degrees, all of which are very real things limiting people's professional success. Many can be done without interacting with a team and without any kind of interview, both of which are skills.
I doubt these people are discounting their time or labor. They might be optimizing for the opportunities available to them. Willingness to do something illegal could reasonably be seen as an arbitrage opportunity—something seen in business all the time.
The case for crime is, in fact, pretty clear-cut you have a bright mind, an appetite for risk, and resist societal expectations about orderly conduct - i.e. it is another flavor of "startup founder".
You only need one big score where you get away clean and you're done, your criminal career is complete in one go and you can retire. Compare that to all the fuss of operating within society, the social signalling and bargaining and courting of gatekeepers - that's only worth it if you've been groomed for it in some way.
And computer crime is as clean as it comes, in terms of the kind of damage done. The ultimate purpose is simple - change some database rows! No bashing of heads or physical entry to property needed. With appropriate choice of targets, you pass the resulting crisis over to some figurehead executive who mumbles for a bailout from the government. Numbers are shifted around again after some delay and everyone is happy.
By contrast the SV startup dynamic is one of gaining overt power over others, not just getting a high score. The product and platform acts as a Trojan Horse for this subjugation, powered by a belief(oftentimes a sincere one) that this is a grand humanitarian project, which in turn inspires cult thinking. Then to even get in as a worker, you have to fit into the cultural mold. Your userbase is likewise fostered towards dependence and ushered to mega-scale, data-driven extraction, if not immediately, then later, after the company is acquired. It's all quite a long schlep if you just like working with technology to help people.
>You only need one big score where you get away clean and you're done
The laughable part is here. People bring their problems with them. The kind of person who would pull off a big score, such as a brilliant hack or a bank robbery, won't retire to the Oregon coast and drive at or below the speed limit for the rest of their lives. A lot of those traits are traits of antisocial personality disorder. People like that are magnets for trouble. They won't lie low and relax for the rest of their days.
It's a lie criminals are not professionals. It comes with a set of other rules, rituals and codes. The money is not a big score but an unlimited amount of cashflow. The antisocials are the ones blowing up a money printing machine just for the sake of their ego. Have you ever seen estimates of the grey economy? That world is running way more efficient than civilian life because of the stakes. Guys like Pablo get that famous because he had an antisocial personality and had to blow up an airplane while he was one of the most richest billionaires in the world.
Antisocial personality disorder is almost a prerequisite for career criminals. Disagreeable enough to commit crime and not feel bad about it, extroverted enough to enter or form a gang, and low enough in neuroticism to keep your cool under pressure. I'm not trying to paint all antisocial people as "bad". It's also a personality configuration that works well in certain military positions.
If I remember correctly, that was for low level weed dealers, not scamming financial systems. A successful identify theft of a middle or upper income family will reap a payout much greater than a fast food worker.
I can say, based on my own observations, that is absolutely nowhere near true. Many people selling drugs to their friend groups make profit in excess of $400 a day, tax free.
I can't speak for a larger group, of course. Perhaps the average is weighed down by more casual actors.
I don't think that an individual proprietor earning only 100k would have a motivation to do that. One can pay rent, buy vehicles, and purchase most everything else with cash. Why give 40% to the government? Social responsibility is great, but not if it's going to get you interdicted as a drug dealer.
You can do that, but at some point you might be asked to explain how you manage to rent a nice apartment and own a car without earning any income. Outright tax fraud isn't really any more of a sensible risk to take if you're a career criminal than it is if you work a regular job. After all, they got Capone for tax evasion.
It's more likely that they'll be caught up in enforcement of controlled substance trafficking laws, and those are the more severe charges the authorities tend to pursue.
Is it? It's quite difficult to prove that someone is involved in trafficking controlled substances, if they're careful. It's not difficult to show that someone is committing tax fraud if they have a big house and a car and zero declared income.
Most people involved in such activity have incriminating communications that are very easily used in court such as text messages. The bar for proving that various messages are evidence of illegal activity is surprisingly low. One individual not only has to be very careful, but also enforce the same level in everyone who communicates with them while providing customer service (e.g. making customers happy, feel good l, not offending them and so forth).
The issue of tax fraud is only an issue if they investigate you - someone in the tax department would have to find a reason to take notice. In the case of a narcotics trafficker it's more likely that activity would be observed by drug investigators than for the tax department would determine there's someone paying a mortgage or rent that isn't a significant income tax payer. That's not really how tax investigations work.
I think you overestimate the lucrative opportunities available to hard-working honest people especially in developing countries where a lot of these operations are based
Maybe. I don't have faith that the world is that meritocratic. I don't know many criminals, but I know people who are smart and competent, but who've fallen into careers with low pay and no room for advancement. Crime is something that doesn't require the resume or capital of legitimate options.
It’s very very easy in the modern world to end up in a situation where you’re not allowed to contribute positively and have very few options other than crime.
You mean with some kind of criminal record, or just a dead end career? Because the latter is your starting point, not your end point, when it comes to deciding whether it pays better to put subsequent effort into figuring out how to profit via crime versus finding better legitimate ways to make money.
It’s quite literally a criminals job to understand and abuse these systems, and there’s very clear link between their performance and their reward. Makes for a good motivator.
People frequently underestimate criminals because they don’t appreciate that these individuals are doing this work as full time job. I’m sure if you spent 8 hours a day for week, you’ll have an equally good understanding.