Hello,
I'm a long time lurker (and do occasionally get involved in discussions) as well as a long time Hak5 fan, however I've decided to make a new account for anonymity. I've talked to the Mod Diginija (who has already been very helpful in this project) about posting this here and he's said that it's fine for me to do so. I also apologise for the lengthy post, but I feel I need to set the scene as best as possible. I'm currently working on a research project on Cybercrime-as-a-Service (CaaS), or the selling of pre-made malware and cybercrime services. The project is completely non-profit (and is coordinated through Globalcriminology.com), and will mainly get circulated around research institutes/NGO's as a preliminary for next years ISEC programmes (http://ec.europa.eu/dgs/home-affairs/financing/fundings/security-and-safeguarding-liberties/prevention-of-and-fight-against-crime/index_en.htm). All the researchers involved have some level of expertise in computer security and so we're hoping that we can develop a paper which doesn't make the horrible technical mistakes which previous ones unfortunately have. However, none of us currently work in computer security (and as we all know it's a rapidly developing arms race), so we wanted to reach out to the computer security community and get some input on what you see as the reality of the situation. Much of the past research has given a somewhat Hollywood view of things, whilst the better research has become quickly outdated or focussed too much on the technicalities of individual malware to be of much use outside the immediate technical community. Reality is the key here - we're wanting to give an unbiased perspective on the state of cybercrime (especially as a market) without any input from A.V companies (which dominate the research currently) and we won't be talking about overclocking the firewalls or injecting the FSB into the MAC core. If you would like to help by answering a few short questions or possibly spend a few minutes chatting about the state of cybersecurity, please let me know via PM or email research@globalcriminology.com. Don't worry if you don't feel like an expert or haven't experienced any CaaS - any input is useful at this stage. The strictest confidentiality procedures will apply, and all data will be disassociated from any identifying information once gathered. Thank you for reading, and let me know if you have any further questions either below or by PM/email. Thanks for your time.
