New criminality platforms and a booming cyber-crime economy have resulted in $1.5 trillion in illicit profits being acquired, laundered, spent and reinvested by cyber-criminals, according to Bromium’s independent study that looked into the interconnected dynamics of cyber-crime.

This is one of the first studies to view the dynamics of cyber-crime through the lens of revenue flow and profit distribution, rather than solely through the well-understood mechanisms of cyber-crime.

The new research exposes a cyber-crime-based economy and the professionalization of cyber-crime. This economy has become a self-sustaining system – a connected web of profit that blurs the lines between the legitimate and illegitimate.


The research points to an emergence of platform criminality, mirroring the platform capitalism model used by companies like Uber and Amazon, where data is the commodity.

The report also raises concerns about new criminality models that these platforms enable, which fund broader criminal activities such as human trafficking; drug production and distribution; and even terrorism.

“The findings of Dr. McGuire’s research provide shocking insight into just how widespread and profitable cyber crime has become,” said Gregory Webb, CEO of Bromium.

“The platform criminality model is producing malware and making cyber crime as easy as shopping online. Not only is it easy to get access to cyber criminal tools, services and expertise: it means enterprises and governments alike are going to see more sophisticated, costly and disruptive attacks as The Web of Profit continues to gain momentum. We can’t solve this problem using old thinking or outmoded technology. It’s time for new approaches.”

Illegal revenue generation

Conservative estimates in research show cyber criminal revenues worldwide of at least $1.5 trillion – equal to the GDP of Russia. If cyber crime was a country it would have the 13th highest GDP in the world, according to the report.

This $1.5 trillion figure includes:

• $860 billion – Illicit/illegal online markets.

• $500 billion – Theft of trade secrets/IP.

• $160 billion – Data trading.

• $1.6 billion – Crimeware-as-a-Service.

• $1 billion – Ransomware.

The report finds evidence that cyber crime revenues often exceed those of legitimate companies – especially at the small to medium enterprise size. In fact, revenue generation in the cyber crime economy takes place at a variety of levels – from large ‘multinational’ operations that can make profits of over $1 billion, to smaller SME-style operations where profits of $30,000-$50,000 are the norm.

However, the report asserts that comparing cyber crime to a business is misleading. Cyber-crime is more accurately described as an economy: “a hyper-connected range of economic agents, economic relationships and other factors now capable of generating, supporting, and maintaining criminal revenues at an unprecedented scale,” says Dr. Michael McGuire, senior lecturer in Criminology at the University of Surrey in England.

There is now a growing interconnectedness and interdependence between both the illegitimate and legitimate economies. This interdependence is creating what McGuire terms ‘The Web of Profit’. McGuire argues that “companies and nation states now make money from The Web of Profit. They also acquire data and competitive advantages from it, and use it as a tool for strategy, global advancement and social control. There is a range of ways in which many leading and respectable online platforms are now implicated in enabling or supporting crime (albeit unwittingly, in most cases).”

Platform criminality

Platform capitalism – a term used to describe the likes of Uber, Facebook and Amazon – is offering fertile ground for hackers to further their gains. Whether by hacking companies to acquire user data and intellectual property, disseminating malware, selling illegal goods and services, setting up fake shop fronts to launder money, or simply connecting buyers and sellers, it is evident that cyber criminals are adept at manipulating existing platforms for commercial gain. Yet beyond platforms being the targets and unwitting enablers of cyber crime, the report suggests they have provided inspiration – as a model of platform criminality emerges.

According to McGuire, “this is creating a kind of ‘monstrous double’ of the legitimate information economy – where data is king. The Web of Profit is not just feeding off the way wealth is generated there, it is reproducing and, sometimes, outperforming it.”

The report points to the success of modern ‘platforms’ – companies like Facebook, Google and Amazon – highlighting their role as facilitators and not creators. “The main contribution of platforms is to connect individuals with a service or product. The platforms produce nothing themselves in this process, but the end-user consumers provide platforms with the most precious of all commodities within an information-based economy – their data. We are now seeing the same thing in the cyber-criminal underworld,” stated McGuire.

Cyber-criminal platform owners are likely to receive the biggest benefit from this new wave of cyber crime, and the owners will distance themselves from the real commission of crime. In fact, it has been estimated hackers may only earn around $30,000 per year. Managers can earn up to $2 million per job – often with just 50 stolen card details at their disposal. Dr. McGuire refers to this as a shift to ‘post-crime’ reality, where cybercriminals are taking a ‘platform capitalism’ approach to selling, rather than committing crime.

In fact, McGuire found criminal sites offering ratings, descriptions, reviews, services, and even technical and customer support. These platforms are improving the criminal ‘customer experience’ and allowing easy access to services and products that support the commission of crime on a global scale. Some examples of services and products include:

• Zero-day Adobe exploits, up to $30,000.

• Zero-day iOS exploit, $250,000.

• Malware exploit kit, $200-$600 per exploit.

• Blackhole exploit kit, $700 for a month’s leasing, or $1,500 for a year.

• Custom spyware, $200.

• SMS spoofing service, $20 per month.

• Hacker for hire, around $200 for a “small” hack.

These platforms fuel industrial scale revenue generation, with their own sets of digital currencies and exchanges, production zones, tools supply, technical support, global distribution mechanism and marketplaces.

They deal with specialised producers, suppliers, service providers and consumers. Interestingly, advertising is a core revenue generator too: before being taken down in 2016, the ‘Kickass Torrents’ platform was worth over $54 million, with an estimated $12.5-$22.3 million annually in ad revenue alone.

A new kind of crime

As in the legitimate economy, criminal enterprises are going through digital transformation and diversifying into new areas of crime. Cyber-criminals were found to be reinvesting 20% of their revenues into further crime, which suggests up to $300 billion is being used to fund future cyber-crime and other serious types of crime – including drug manufacturing, human trafficking or terrorism.

For example, the report points to the take-down of AlphaBay – one of the largest dark web online markets – which revealed that in addition to more than 250,000 listings for illegal drugs, there were also listings for toxic chemicals, firearms, counterfeit goods, malware, and over 100,000 listings for stolen and fraudulent identification documents and access devices. This demonstrates that platform criminality can easily adapt to include other areas of crime.

The report identifies the development of cyber-crime growth cycles, where money generated from cyber-crime is being reinvested into further crime. Many of the larger cyber-crime operations which have been detected typically reinvest revenues into expanding and developing the operation – for instance buying more crime-ware, maintaining a website, paying mules, or other criminal requirements. Reinvestment also includes spending money to support other types of crime.

“We can clearly link cyber-crime to the spread of new psychoactive substances with over 620 new synthetic drug types on the market since 2005. Many substances of this kind are manufactured in China or India, purchased via online markets, then shipped in bulk to Europe. But there is also evidence that groups who acquire revenues from cyber-crime are involved in the active production of drugs. For example, the arrest of a Dutch money laundering gang also led to the discovery of ingredients they possessed to make ecstasy – further highlighting a material link between cyber-crime activity and organised crime activities,” said McGuire.

Human trafficking

The report also points to the fact that platform criminality is contributing to the issue of human trafficking. McGuire commented, “pimps frequently use the internet as a tool for gathering revenues from clients and workers, and then recycle this back into the logistics (and costs) of trafficking victims from target locations with economically vulnerable populations.”


The report identified a connection between cyber-crime and terrorism. There was one case where cyber-crime was committed specifically to generate revenues for terrorist activities. “One British-born follower of Al Qaeda, who provided technical assistance to the terror group with uploading videos, quickly realized that his technical skills could also be used to commit cyber-crimes,” McGuire explains. “He began to acquire stolen credit card numbers through transactions on online forums, such as Card-planet, gathering over 37,000 separate card data files and generating more than $3.5 million in revenues.”

“This new cyber-crime economy has created new digital businesses, making it even easier to conduct cyber attacks,” said Webb. “The walls between the criminal and legitimate worlds are blurring, and we are no longer simply dealing with ‘hackers in hoodies.’ We have to understand and tackle the underlying economic ecosystem that enables, funds and supports criminal activity on a global scale to stem the tide and better protect ourselves. By better understanding the systems that support cyber-crime, the security community can better understand how to disrupt and stop them. New approaches to cyber-security will be required.”

The complete picture?

“The report is perfectly correct that cyber-crime has undoubtedly become a very profitable and sustainable business that no government can control now,” according to Ilia Kolochenko, CEO of web security company, High-Tech Bridge.

However, it may have missed some figures because the most serious cases of cyber-crime – like nation-state attacks or company sabotage from large conglomerates against competitors – are not often detected or exposed.


