Making $1M a Month

One infamous cybercrime scam netted two perpetrators a cool million a month

5:42 PM -- If software vulnerabilities are costing the U.S. $180 billion per year as David Rice says in his new book, "Geekconomics: The Real Cost of Insecure Software," just how much are the bad guys making?

Rice, director of the Monterey Group and a SANS course instructor, says we really don't know. But there are some shocking examples of just how lucrative cybercrime can be, Rice says.

Take the infamous 76service, which was run by two enterprising criminals who call themselves 76 and Exoric. The two (who are now apparently on the lam) cleared a cool one million dollars per month in a scheme modeled after portfolio investments, Rice says.

They sold access to infected PCs (think bots), but apparently didn't do any of the data-stealing themselves, he says. "The 76service sold all these 'owned' machines in what they called a 'project,'" Rice explains. The buyer would harvest any valuable data off the machine, and sell that information on the black market.

"The buyer acts as a fund manager," he says. And as some stocks perform well, some infected machines had more valuable booty -- such as bank account information -- than others. "They could then sell it on the black market for a lot of money," he says.