Cybercrime: An Inside View from Ex-Hacker Brett Johnson

By Lawrence D. Dietz, JD, MSS
Faculty Member, School of Security and Global Studies, American Military University

It’s not often that you get the insider’s view of the cybercrime world from a convicted cybercriminal. Recently, cybersecurity vendor Looking Glass Solutions sponsored an event featuring Brett Johnson, who the FBI Field Office in Columbia, South Carolina, called “The Original Internet Godfather.”

Johnson is now a cybersecurity consultant and speaker, and he had some very interesting things to say during his speech.

Three Reasons Why Criminals Commit Cybercrime: Ideology, Status and Money

According to Johnson, there are only three reasons why cybercrimes are committed: ideology, status and money.

He also noted that there were two developments that helped to jump-start the cybercrime boom. The first was the advent of cyber currency such as Bitcoin. Bitcoin enabled the movement of incredibly large amounts of money almost anonymously.

In July 2018, for example, California technology news source NULLTX reported that “97% of darknet illicit activity has been conducted through Bitcoin over the years. While similar currencies such as Monero are growing in popularity, Bitcoin continues to be the leading one, specifically due to its liquid market.”

The second key development was the creation of platforms that facilitated the ability of cybercriminals with various skills to pool their efforts and work together. These cybercrimes typically consist of three phases:

1) Collect the intelligence needed for the crime.

2) Commit the crime.

3) Cash out.

Cybercrimes Often Need Various Subject Matter Experts

Think of cybercrime like a construction project. There is a general contractor who coordinates the various subcontractors. In construction, you need concrete workers, carpenters, electricians and plumbers, while in cybercrime you need resources for each of cybercrime’s three phases.

Platforms Enable Huge Amounts of Currency to Be Instantly Moved, but Also Lead to Prosecutions

The magnitude of electronic transactions involving the almost-instant movement of currency is staggering. For example, Wired Magazine noted in January 2018 that “In the case of convicted Silk Road founder Ross Ulbricht, for instance, a FBI contractor demonstrated to a jury that $13.4 million in bitcoin had at one point moved from the Silk Road’s servers to Ulbricht’s laptop.

Even years-old Dark Web transactions aren’t safe from prosecution. According to Motherboard, one German Silk Road customer was fined 3,000 euros by German authorities after they busted a marijuana dealer who’d kept records of his past sales, years after they had occurred. Without platforms, cybercrime would have just been small potatoes.

Another major platform was AlphaBay, an online market for criminals. On July 20, 2017, the FBI took it down from the Dark Web.

The FBI claimed that “AlphaBay reported that it serviced more than 200,000 users and 40,000 vendors. Around the time of the takedown, the site had more than 250,000 listings for illegal drugs and toxic chemicals, and more than 100,000 listings for stolen and fraudulent identification documents, counterfeit goods, malware and other computer hacking tools, firearms, and fraudulent services. By comparison, the Silk Road dark market — the largest such enterprise of its kind before it was shut down in 2013 — had approximately 14,000 listings.”

Johnson: Many Cybercriminals Skilled at Social Engineering

Contrary to popular opinion, Johnson pointed out that cybercriminals are not upper-tier hackers with technical skills, but they are adept at social engineering. In other words, according to Johnson, these attackers are good at intelligence collection, but not at execution or cashing out.

Intelligence collection is generally social engineering to learn about a criminal target. It consists of identifying the target’s characteristics, finding key personalities and using technology.

According to the Digital Guardian, 91% of cyberattacks start with a phishing e-mail and many phishing attacks are simple. For example, an attacker may take advantage of victims by using a fake URL that has a “1” instead of an “I”. This is known as the Unicode Domain Phishing exploit.

A highly successful variant of phishing is the highly focused attack known as spear phishing. According to the Phishing Trends and Intelligence Report published by PhishLabs in 2018, the share of attacks against targets in the United States continues to grow, now accounting for more than 86% of total phishing attacks. This is an increase of 5% over the previous 2017 report.

Cybercrime Trends for 2019

The World Economic Forum (WEF) is predicting a number of cybercrime trends for 2019.  Trends they have highlighted include:

• Advanced phishing kits
• Remote access attacks
• Attacks via smartphones
• Vulnerabilities in home automation and the Internet of Things (IoT)
• Increased vulnerabilities due to the increased use of artificial intelligence

Smartphones represent a particularly attractive vector for cybercriminals, because we all have them and are addicted to them. Malware injected via unsafe browsing or phishing is noted as the most likely attack path on smartphones.

As far as the IoT is concerned, consumers are buying IoT devices at an expanding rate. Everything from smart refrigerators to fish tanks is being connected to the internet for a variety of reasons. Couple this with utility providers converting their legacy Supervisory Control and Data Acquisition (SCADA) devices to the IoT, and there is truly a land of cybercrime opportunity for the unscrupulous.

To minimize their cybersecurity vulnerabilities, individuals and organizations need to be constantly vigilant. They need to employ a layered approach to their technology and techniques. In addition, they should make their personnel aware of security threats and educate them as new threats arise.

About the Author

Lawrence Dietz is an adjunct professor for the School of Security and Global Studies at American Military University, specializing in teaching courses on military intelligence, intelligence and security. He is also an Attorney at Law in California and the District of Columbia; an Ombudsman and Outreach Director for the Employer Support of the Guard and Reserve; a U.S. Army Colonel (Retired); and General Counsel and Managing Director, Information Security at TAL Global.

Lawrence holds a B.S. in business administration from Northeastern University, an MBA from Babson College and a Juris Doctorate from Suffolk University Law School. Other academic credentials include an M.S. in strategic studies from the U.S. Army War College and an LLM in European Union Law from the University of Leicester in the United Kingdom.