“There is one thing stronger than all the armies in the world, and that is an idea whose time has come.” -Victor Hugo
On June 5, the Cyber Security Summit will take place in Tysons Corner, Virginia; this is a unique high-level forum between the private sector, cybersecurity leadership and the U.S. government. The conference discussion will center on the need for greater information sharing regarding threats and technical indicators, the need for continuous monitoring, i.e. CDM, and migration to cloud computing. Many presentations will focus on the activities of the Chinese and nation state hacking. In the spirit of stimulating a more enlightened level of discourse, I would suggest it would be a travesty to ignore the Eastern European shadow economy.
2014 will be remembered in history as the year the “sixth estate of cyberspace” reached maturity. The underground of the Deep Web is now a true economy of scale that maintains a virtual supply chain. It is this supply chain and the asymmetrical capabilities which it endows that undermine the institutions of society at large.
The virtual arms bazaar is singularly responsible for the proliferation of cyber attack capabilities and the corresponding money laundering and bulletproof hosting for the most nefarious cybercriminals. When combating the most significant cyber crews/arms merchants in cyberspace, we must accept the reality of their infrastructure. There exists a virtual supply chain for hacker crews – one which resembles a three-legged stool. The hacker’s virtual supply chain consists of three services: provision of hacker services/toolkits; the anonymous payment systems; and the bullet-proof hosts. As illustrated in the 2013 report by Trend Micro, the Deep Web is comprised of a myriad of actors who provide professional services and accept payment outside of the traditional financial sector.
The theme of the Cyber Security Summit should shift to how we could undermine the ecosystems of hacker crews. Law enforcement alone cannot civilize cyberspace, as they are hampered by the lack of international cooperation and time. Technology cannot secure the hostile landscape of cyberspace.
Thus, I challenge you who read this to begin to think outside of the proverbial box. How might we begin to put pressure on the money laundering, hosting and reputations of the hackers themselves? The sixth estate of cyberspace is burgeoning and must be respected. The real “human” cost of inaction is illustrated in this report.