Malware Centers and Offshoring

Most studies place China, Brazil, and Russia among the leading sources of conventional and web-based malware. Depending on the type of malware involved, there is a good chance that one of these three countries is among the leading suppliers. Malware from these countries reflect local Internet usage patterns. In Brazil, 75% of regular Internet users access online banking services so Brazilian malware tends to target financial transactions. In China, instant messaging services and online gaming account for several hundred million active users, and close to a billion dollars per year in virtual goods and currencies. Thus malware targeting onling gaming and IM credentials are common in China. Organized crime syndicates in Russia have steered resources towards the theft of credit/bank account numbers, botnets and phishing.

pathint

Why is fellow BRIC nation India not a malware center? While cyber laws and their enforcement are important, cyber law enforcement is weak in lots of countries not known for producing malware. The most common response I got from people I queried is that crimeware centers need a steady supply of skilled workers, and the criminal know-how to identify opportunities and evade prosecution. Here are three ingredients that may be crucial to nurturing a malware industry:

1. High-standard of basic education, large supply of technical workers
2. Strong presence of traditional organized crime
3. Widespread poverty and lack of employment opportunities for recent (technical) college graduates

Compared to Brazil and Russia, where organized crime syndicates are involved in the malware industry, the many amateurish Chinese hacker groups maintain public web sites and give interviews to the press. In contrast, the strong presence of organized crime in Brazil and Russia may explain the profit-making focus and relatively low-profile of digital miscreants in those countries. Over the past few years the sphere of influence of Russian criminal groups has slowly widened to include some hacker groups in the rest of the FSU.

Contrary to the common perception that jobs are easy to secure in China, many technical graduates in China face a challenging labor market. A 2005 survey by McKinsey indicated that multinationals were reluctant to hire graduates of second-tier universities in China. Similarly, a 2006 Chinese government study (National Development and Reform Commission) estimated that 60% of that year’s university graduates would be unable to find employment in their preferred fields. The government attributes the reduced quality of many technical education programs to the rapid growth in enrollment.

Unlike its BRIC peers, India has a technology sector that can’t seem to get enough workers. Along with the usual focus on law enforcement, strengthening the IT job market in the other BRIC nations would go a long way towards weakening the crimeware industry in those places. You give people good jobs and they are less likely to work for local criminal syndicates. A good reason to not reflexively oppose IT offshoring.

tags: ,
  • http://anjanb.wordpress.com anjan bacchu

    hi there,

    nice to hear this angle.

    being an indian, i would like to think that Indians are law abiding (but other types of crime in my country belie that)

    after the dotcom bust, many indian IT graduates were unemployed but I guess that it takes some time before these guys can get into bad circles and take to cyber crime.

    Also, these unemployed IT graduates need to have access to internet and computers : which I believe there might not be easy supply.

    The next economic downturn in India will give answers to these.

    BR,
    ~A

  • http://www.dukasi.de Bernhard Heß

    In regular intervals I look here by and am enthusiastic over the abwechlunsreichen and well investigated contributions. Power of far so – many greetings from the center of Germany!

  • Sameer ahmed khazi

    May be the facts about India not being a hub for organized Internet crimes, presented over here are true.

    But if one carefully follow some English Newspapers and their online edition of India we come across cyber crimes being committed at a fast pace.

    Two reasons may be attributed for reporting that online crimes are less in number in India are:

    1)Cyber crimes are rarely brought to the notice of the enforcement agencies.
    2)Even if they are brought to the notice of the said agencies , such agencies are not well-equipped to handle cases on Cyber space.

    Thank You..
    India.

  • L Berkowitz-Salutin

    Great stuff. High time for such a more thoughtful look at so called cyber crime.

    It would be great if some stakeholders like security companies and EFF could finance research to have even more detail available to the public; absolute numbers, more countries including the G8 and other developed countries; number of cyber crime units in a country’s law enforcement system(see above comment on India though that might be hard to get) prosecutions for cyber crime and conviction rate. etc. The graph has lots of room if thinner bars are used.

  • http://blogs.adobe.com/jd John Dowdell

    Another correlative factor may be whether there have been a few generations of a lawful economy. The Communist years stifled the cultural ecology of business, which may be why J. R. Ewing became the sudden role model once the ruling party collapsed.

    It’s like how two generations of executions by Saddam Hussein made the normalcy of Iraq more difficult. It’s hard to learn about good governance if you never saw good local role models while growing up.

    (Brazil had different problems with disproportionate centralism.)

  • Kumarasamy G S

    Very good Analysis !…

    Cyber crimes are too carried out India but it is very rare and Isolated.

    The one which is cracked by Chennai Police recently is very high professional work done by enforcement agencies.

    Even though India is a large technical manpower in the world, the rate of cyber crime is very less due to various reasons.

    The one reason I think is: The quality of life enjoyed by IT professionals in India makes every citizen to think about usage of their Knowledge Skills in a productive way rather than the other way around.

  • http://numen.wordpress.com/ numen

    So if someone wants to increase the computer crime rate in the US, they can simply lay off American programmers, and replace them with offshores. Cool!

  • Varghese

    Protect and clean your computer.
    If you are like me and tired many different scans in the past looking for something that will protect and clean your computer, give Search-and-destroyAntispyware a try. I found that the antispyware solution from Search-and-destroy Search-and-destroy/antispyware.html) is an excellent choice. It’s less expensive than many of the other scans I’ve tired but it finds the same type of bugs that can damage and ruin my computer. I am so happy with this scanner that I want to tell everyone about it so you can give it a try to. I’m sure you will love it.

  • Martha

    This is interesting because my experience has shown the Ukraine to be one of the major creator of malware over the last few years. I may be thinking of viruses rather than malware, but I am certain the Ukraine is very high up on this list.