Lade Inhalt...

Botnets. Economics of Cybercrime

Essay 2016 8 Seiten

BWL - Rechnungswesen, Bilanzierung, Steuern

Leseprobe

Outline

I. Introduction

II. Background
A. The Model of Economics of Cybercrime.
B. Botnets – a prime example for cybercriminal activity

III. Supporting Arguments
A. Existing underground market
B. Benefits are calculable
C. Reported Cases of extortion in the study by Segura & Lahuerta

IV. Opposing Arguments
A. Punishment as a deterrence
B. Origin of Cybercrime based in activism

V. Conclusion

References

Botnets – Economics of Cybercrime

While crime is not considered something that is abstinent from the business world, it is also seldom realized as its own economy. The following paper will present an economic approach to crime in the modern area. The sphere of cybercrime, in particular the case of Botnets is going to be used to analyze a rational choice approach to economics in crime. In doing so, the basic model of rational choice economics in crime is presented. Then the case of Botnets is introduced and used to illustrate supporting and opposing arguments for the model. The paper will conclude that cybercrime – especially the case of botnets – is driven by rational choice and thus the idea of economic efficiency. The benefit of this conclusion results in the possibility of counter-measures to disrupt these criminal markets and lower profitability.

I. Introduction

While crime is not considered something that is abstinent from the business world, it is also seldom realized as its own economy. The following paper will present an economic approach to crime in the modern area. The sphere of cybercrime, in particular the case of Botnets is going to be used to analyze a rational choice approach to economics in crime. In doing so, the basic model of rational choice economics in crime is presented. Then the case of Botnets is introduced and used to illustrate supporting and opposing arguments for the model. The paper will conclude that cybercrime – especially the case of botnets – is driven by rational choice and thus the idea of economic efficiency. The benefit of this conclusion results in the possibility of counter-measures to disrupt these criminal markets and lower profitability.

II. Background

A. The Model of Economics of Cybercrime.

A criminal act is considered any behavior that deviates from societal norms, crosses the boundaries of ethical and lawful behavior, and is sanctioned by a governmental authority. As such criminal behavior is often associated with the aspect of punishment, fines, and imprisonment. Any association to economics and business is often limited to crime happening in a certain business environment. However, it is argued that crime in itself can be considered a market and thus bound to economic principles.

The here presented model is based upon the assumption that within the “crime market” any individual player is motivated by the rational maximization of utility (Eide et alt., 2006). This assumption is based upon the principle of rational choice, meaning that an individual acts rationally to maximize expected utility and that this utility is “a positive function of income” (ibid). This leads to a very simplistic economic model: Any endeavor that has a greater income than zero after subtraction of costs is profitable (Segura & Lahuerta, 2010). It is a simple ocst-benefit principle (Li et alteri, 2006). This model transfers the rational choice assumptions to criminal activity.

Thus, a criminal will commit a criminal act “if the expected utility is positive, and he will not if it is negative” (Eide et alteri, 2006). In this scenario however the deterrence through sanctions and punishments have to be factored in as “negative variables” (ibid).

B. Botnets – a prime example for cybercriminal activity

A modern example of this economically efficient behavior can be found in the market of cybercrime. Cybercrime is a growing industry and byproduct of the Internet revolution. Therefore, the internet based crime comes in various shapes and sizes, and evolved into a lucrative business (Li et alteri, 2006). One of the prominent forms of cybercrime are distributed denial of service attacks (DDoS Attacks). These rely on the existence of botnets (Li et alteri, 2006). Botnets are comprised of high jacked computer systems, the so called “slaves” (ibid). These from a “net” that is controlled by an individual, called the “master” (Seguera & Lahuerta, 2010). The master offers the botnet to interested parties, the “attacker” (ibid). These use botnets to initiate DDoS Attacks. These attacks are performed by simultaneously accessing a website or a secure gateway. The sheer number of access will overload the computational capabilities of the gateways and in the worst case crash the website (ibid). The attacker can generate profit from thusly launched attacks through extortion (ibid) or the “ripple effects” of such an attack, e.g. break-down in sales, damage to perception or image, and similar.

Essentially, the use of botnets to launch DDoS Attacks constitutes different criminal offences depending on the target and the outcome. In any case it is a criminal offence and thus sanctioned under the respective legal framework.

III. Supporting Arguments

Now, the question arises if the behavior of a botnet master or attacker is economically motivated and if the rational choice approach can explain the behavior.

A. Existing underground market

The first overall indicator that there is a market and thus economical motivation for botnets is provided by the study of Li et alteri (2006). The study has shown through “basic” market research that botnets are rentable on underground markets (ibid). The mere existence of such a rental market is an indicator as for the application of economic principles.

B. Benefits are calculable

Within such a market economic principles dictate the existence of costs and benefits. These determine the profitability of any endeavor (Eide et al., 2006). Essentially, individuals will not allocate time and effort to an activity “until marginal benefits equal marginal costs” (ibid). As in every market benefits and costs are individually decided. Both can be categorized in monetary and psychic (ibid). Additionally, the costs to enter or exit a market (opportunity costs) have to be considered. The same is true of criminal activities. In the case of cybercrime, especially DDoS Attacks, the benefits encompass monetary gain through extortion as well as individual satisfaction. The costs, on the other hand, encompasses everything from equipment to individual feelings of anxiety or guilt (ibid). It is, however, important to realize, why the deviation from law-abiding behavior can be considered lucrative.

This deviation can only be considered favorable if the individual opportunity costs are low enough. The opportunity costs of criminal behavior can be calculated through the net benefit “of the legal activity forgone while planning, performing and concealing the criminal act” (ibid). This implies that any criminal activity that promises to be more profitable (gross benefits minus costs) than any lawful activity is economically more efficient. Additionally, it indicates that “[the] lower an individual’s level of income [is], the lower is his opportunity cost of engaging in illegal activity” (ibid).

C. Reported Cases of extortion in the study by Segura & Lahuerta

These aspects are directly reflected in the cases studied and simulated by Segura & Lahuerta. They found that in a target group of online gambling sites the extorted profits “ranged from 10 000$ to 40 000$ depending on their annual revenues” (Segura & Lahuerta, 2006). Additionally, they simulated different extortion scenarios based upon the cost-benefit principle (profits equal benefits minus costs) and thusly able to identify the economic incentive through the stated equation (ibid).

IV. Opposing Arguments

A. Punishment as a deterrence

While these arguments strongly indicate the applicability of rational choice in criminal activities, opposing lines of argumentation often focus on punishment as a factor of deterrence (Li et al, 2010). This can also be considered for the multiple offences a DDoS Attack would encompass. Punishment for criminal offences ranges from fines to incarceration depending on the legal framework. However, the deterring factor of these punishments can be impaired by the “individual rate of discount” (Eide et al., 2006). The rate of discount illustrates the time gap between the reward of the crime committed and the respective punishment. Additionally, the factor of risk aversion has to be factored in. Furthermore, it has to be considered that the rate of recidivism and thus future deterrence is not guaranteed to decrease after an inflicted punishment (ibid). In a rational choice environment an individual will repeat the criminal act as long as his/her individual preferences as well as opportunity costs remain the same (ibid). Thus, punishment can – individually – lose any deterring factor.

[...]

Details

Seiten
8
Jahr
2016
ISBN (eBook)
9783668333031
Dateigröße
437 KB
Sprache
Englisch
Katalognummer
v342128
Note
Schlagworte
Botnet Cyvercrime; Crime; Economics;

Autor

Teilen

Zurück

Titel: Botnets. Economics of Cybercrime