I read a news item today. It reported that hacking computers is “a huge criminal business.” Here is the excerpt:
“Hackers haven’t stopped attacking Microsoft products, but they’ve started attacking everything else as well,” Alan Paller, director of research for Sans said. “The reason is this is a huge criminal business now. Capturing another 100,000 computers to be used for spam can be worth a million bucks.”
This puzzles me. Where’s the return on investment? The hackers (or the more politically correct term, crackers) attack vulnerable computers to install a spamming engine. That computer now spends all it’s time sending spam email or instant messages. Okay. I understand what they are doing. But, why are they doing it?
Spammers are paying crackers millions of dollars to research the vulnerabilities, write these spamming programs, and devise insidious deployment schemes. For what? So that millions of people get offers for “v.i.a.g.r.a” or “C1Al1$” or low mortgage rates or sexy moms or whatever?
It comes down to this. The only way the spammers could make a growing or even a sustainable income is for people to actually follow through on the offers. Someone has to be buying the advertised goodies or the revenue stream and the demand for spam and cracking would evaporate.
If no one were buying the drugs or mortgages or whatever, the spammers would move on to a more prosperous endeavor. They wouldn’t pay for cracking services and we’d have little if any spam.
But, look in your inbox. Or, if you have a filter of some type in place, look in your Junk or Bulk folder. You have more spam than ever. The market for spam and the devious ways of sending it are increasing exponentially. I can’t fathom a growing number of people answering spam ads. Can you?
So maybe the revenue is coming from somewhere else. Perhaps the recipients of the spam are incidental. The real source of income might be the fine folks with the drugs, sex, and mortgages for sale. Perhaps these entrepreneurs are paying spammers to have their “advertising” delivered to millions of people. I have recieved spam that offered this very service, spamming. “Get your ad delivered to millions of qualified email addresses,” for example.
If this is the case, then even if no one ever buys any of the products or services offered, the spammers could still have a sustainable revenue stream, since it will take a while for the seller to realize that they aren’t selling anything. By the time they go out of business, the spammer has their money and three new vendors have stepped up to take his place. Or maybe there is enough of an income trickle to encourage the seller to continue buying spamming services. It is conceivable, I suppose, that a few inexperienced Internet users (newbies, they are labeled) out of a million others actually buy through spam, making it viable.
Whatever the case, the spammers obviously have a revenue stream. If we dry that up, we would end spam. But how do we do that?