Crime-sourcing: the dark side of the crowd

October 20th, 2011 by

microtask_cybercrimeWhat do you do if your bank account gets hacked? Option 1: cancel your credit cards, have a couple of drinks and promise to stop opening emails from long lost cousins based in Nigeria. Option 2: take it personally, put on some dark sunglasses and go after the hackers.

Misha Glenny chose option 2, and then spent over two years infiltrating the murky world of cyber-crime. He uncovered a fast-growing, global industry. According to Glenny, cyber-crime bosses are adaptable, imaginative and eager to exploit new technology. They’re also phenomenal outsourcers – a single hack can involve a “distributed workforce” operating across continents. So maybe it’s not surprising that – just like many legit online businesses – the bad guys are now experimenting with a new online tool: the crowd.

Guilty pleasures
So, how do you convince the crowd to commit crime? Answer: trick them into it. Take this ingenious scam where users (presumably young, spotty males) were given access to free pornography in return for solving CAPTCHAs. The more words they decoded, the more images appeared. Unfortunately, it turned out the CAPTCHA data was being used to break into Yahoo email accounts. You kind of have to admire the criminals’ grasp of game motivation theory, if not their choice of “reward”.

The sheer range of crime-sourcing plots is jaw-dropping: from Twitter organized flash robs to shady Mafia-type gangs who recruit virtual mules to launder money and receive stolen goods. Then there are cyber-crimes where the crowd actively participates, like the notorious LulzSec group’s “hacking hotline” which got people to vote on who the group’s next hacking victim should be (must have caused Sarah Palin some serious DDoS problems).

Trust me, I’m a crowdsourcer
Does crime-sourcing matter much to us – the hard-working, honest crowdsourcing majority? I guess it depends how big the “crime-sourcing sector” grows. Could enough crowd-scams make people suspicious of crowdsourcing in general? Right now there’s a lot of “positive-energy” around crowdsourcing. If we lose this, we risk losing the crowd altogether. Imagine people thinking: “those digital moles sure look cute, but what if they’re really a furry front for some evil cyber villain?” Or if crime-sourced games started infiltrating social networks (gives Mafia Wars a whole new meaning).

Of course, this is all speculation – a worst case scenario. Crime-sourcing is really a twisted tribute to the power of crowds. It’s only because crowdsourcing has become so successful that criminals are suddenly desperate to get “in on the game”. We just have to work out how to stop them. Ideas anyone?

  • Charlelie Jourdan

    Create as soon as possible a label of confidence on the model of “Max Havelaar Fair Trade” seems to me the best way to avoid duplication. Using a trademark on it, with independent expert verification on the conditions of use might definitely caught short any criminal activity –

    Such a label would also diminish future accusations of “sweat shops” and other misuse of the power of the crowd. If your company makes a first step alongside the most important actors of the sector, for example presenting the possibility of such a label at CrowdConf in SF at the beginning of November, you will definitely put a stamp on your processes and keep it on the bright path. I am not a PR consultant but it’s what I would do.

    Good luck, and congratulations for the digital mole :-) that was a brilliant idea, and kind of really Finish too..


  • Future Crimes

    Very interesting article, similar to my story which I wrote for Forbes.

  • Future Crimes

    Very interesting piece.  I I wrote about these very same issues in an article I did for Forbes Magazine, which might be of interest.