why cybercriminals need to have really, really good customer service

April 16, 2013

my little botnet

One of the big new trends on cybersecurity blogs is to point out that people selling software for botnets and offering hosting plans that allow them to stall any attempt to shut you down enough to let you reset your operation if it’s eve caught, are really, really customer friendly and offer a quality of service that we wish most big companies tried to emulate. Somehow, we are supposed to be shocked that not only is the malware ecosystem so well organized, but that it’s so easy for people to set up botnets, spam operations, and exploit kits and that all those packages come on a digital equivalent of a silver platter, delivered by an evil cyber-Jeeves committed to making the botnets of your dreams a reality. But what else should we expect? Hacking takes some skill and you need experienced programmers and network admins to find new exploits. There aren’t that many people out there capable of building really potent malware and the demand for them is off the charts, meaning easy money to be made if they sold it to legions of criminals.

But the services are inherently illegal, some of the customers are very, very dangerous, as in a wing of the Russian mob, or the Yakuza, and the only way to effectively sell is through a happy customer who hasn’t ordered a hit on you after you sold them an exploit kit. So of course you’re going to do all you can to ensure excellent customer service. Not only does it bring in money but it boosts sales, exactly like in any other line of business. And again, it’s really important to point out that your typical angry customers have little recourse besides yelling at a manager of a call center across the world for an hour, but the people who spend tens of thousands of dollars on a brand new Zeus or BlackHole platform and thousands more per month on their malicious C&C server farm would have other means to voice their dissatisfaction. To stay in business you must a) keep them happy, b) give them what they want, and c) cover their asses as much as you can because if they’re going down, you may be going down with them. It would be more shocking if the malware industry wasn’t as polished and professionalized as it is today…

[ illustration by Aurich Lawson ]

Share
  • Paul451

    OTOH, the legal vendors that we struggle with generally do offer a better class of service to their wealthiest clients than they do to us, even without the threat of hitmen. And the illegal vendors happily rip off each other at the bottom of the market (CC# resellers, for example.)