The changing landscape of cybercrime has meant that you do not need to be a computer geek to start reaping in dirty cash from cybercrime activities.

The world of technology and computers is constantly changing and opening itself up to the masses even though not each and every use of technology we make is legitimate.

I still smile when my parents hook on Skype or keep tabs of some old useless junk on sale on eBay – it’s testament that today’s technology is really ubiquitous.

In my childhood years, my computing abilities enabled me to configure my serial and parallel ports on my 386 machine or to shift memory allocation around in order to ensure that Monkey Island ran smoothly. Back then, I would be mesmerised, reading the exploits of cybercriminals in books such as The Cuckoo’s Egg by Cliff Stoll.

As a young adolescent with very basic mastery of computers I realised that you do not just need malicious intent to become a cybercriminal but you required a very intimate knowledge of how computers worked. Even though I never had any criminal intent, I always felt amused at how technology could serve as a tool of choice for committing crime without proverbially dirtying your hands.

You don’t need a mammoth machine to perpetrate cyber offences

In the past few years the availability of technology and the ever-changing nature of computing tools has simply democratised cybercrime.

You don’t need to be a source code wizard to become a hacker. You don’t need a mammoth machine to perpetrate cyber offences. You just need to know what to look for. The tools are all there for the taking and the perfect example of this is the rise of online advertising fraud and the use of malicious botnets.

Botnets are malware infected or compromised computers which are then used to instigate and launch a myriad of cyber-attacks ranging from denial of service attacks to e-mail spam. Without your knowledge your computer can be infected and could be a zombie performing tasks without your knowledge.

But don’t think that you need to be a scientist nowadays to set up your own botnet farm and use these infected computers as your despicable minions to launch your worldwide cybercrime conquest. All you need is a couple of hundred euros and publicly available programs and you are almost there. Botnets are nowadays not only used by hacktivist groups such as Anonymous to carry out their DDOS attacks but are increasingly being used by common people to commit click fraud.

Click fraud occurs when automated script or compromised computer terminals are used to click on adverts which run on a pay-per-click business model. The activity is very simple in its design even though some perpetrators run huge systems of a more complex nature.

Basically, you can set up a very straightforward website, have adverts on your site and then generate revenue by having clicks registered on those ads. Now imagine that through the use of botnets you are generating terrific volume of traffic and clicks on those ads. You have essentially set up your own private pension plan, illegally of course. Many companies, including Google have been the victims of such activities and it appears that such attacks are only increasing.

The situation is now even more precarious due to the fact that botnet farming software is easy to acquire and deploy and thereby assisting in the illegal pay-per-click type of fraud. Sometimes the amounts are so small that it is not easy to detect genuine from malicious activity even through the use of illicit click farms.

The availability of malware such as Zeus and Spyeye means that, theoretically speaking, even my mother, instead of chatting away on Skype, can set up her own botnet farm and become a cybercriminal, raking in cash through fictitiously generated advert click-through revenue. Some users of Zeus went as far as declaring that the creation of a 10,000 machine botnet was so easy that cybercrime has today become more profitable than drug dealing. Perhaps the next hit series on television will not be Breaking Bad but would have an illegal botnet as its core storyline as opposed to cooking meth.

What is certain however is that despite its ease of use, click fraud is indeed a criminal offence regulated by the computer misuse provisions contained in our Criminal Code. Furthermore, the making available of programs such as Zeus and Spyeye can also lead to criminal offences. In fact, Article 337(C)(1)(l) of the Criminal Code provides that it shall be an offence to produce, sell, procure for use, import, distribute or make available any software program designed or adapted primarily to commit a computer misuse offence including unauthorised access, hacking and related offences including DDOS and botnet activities.

It seems however that the law has not served as a sufficient deterrent. The proliferation of high-speed internet connections together with the ease of use of such tools has enabled many individuals to join the cybercrime bandwagon albeit in a less sexy fashion that what we are normally accustomed to see. Problems and deficiencies in law enforcement related to such illegal activities are also very apparent. This again brings to the limelight traditional issues associated with cybercrime including jurisdictional issues.

Surely, as part of her technological trials and tribulations, I will ensure to advise my mother not to try her hand at click farming any time soon.

Dr Ghio is a partner at Fenech & Fenech Advocates specialising in ICT Law (www.fenechlaw.com). He also lectures ICT Law and Cybercrime at the University of Malta.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.