While cybercriminals don’t pay taxes on their income, if they did, their annual earnings might push them into one of the higher tax brackets. Some spend their money like legitimate earners typically do – but others tend to blow it on fast cars, hookers and drugs.
According to a Bromium analysis of how much money cybercriminals earn and what they spend it on, high earners make up to $2 million per year. Mid-level criminals make up to $900,000, or more than double the US presidential salary. And entry-level hackers make $42,000 – significantly more than the average UK graduate.
“Every time someone pays a ransom, they are participating in the web of profit,” said Gregory Webb, CEO of Bromium. Cybercrime is a lucrative business, with relatively low risks compared to other forms of crime. Cybercriminals are rarely caught and convicted because they are virtually invisible. As criminals further monetize their businesses by allowing anyone to buy prepackaged malware or hire hackers on demand, the ability to catch the kingpins becomes even more challenging. The cybersecurity industry, business and law enforcement agencies need to come together to disrupt hackers and cut off their revenue streams. By focusing on new methods of cybersecurity that protect rather than detect, we believe we can make cybercrime a lot harder.”
Data gathered through firsthand interviews with 100 convicted or currently engaged cybercriminals, combined with dark web investigations, revealed that 15% of cybercriminals, like the rest of us, spend most of their money on immediate needs, such as buying diapers and paying bills. About 30% of cybercriminals convert some of their revenues into investments, such as property or financial instruments, and other items that hold value, such as art or wine.
They reinvest in their businesses, too: About 20% of cybercriminals spend at least some of their revenue on further criminal activities, such as buying IT equipment.
About 15% of cybercriminals spend to attain status or to impress romantic interests and other criminals, like buying expensive jewelry. Bromium found that there is a growing market catering to cybercriminals by allowing them to buy things with virtual currency. Sites such as The White Company, Bitcoin Real Estate and De Louvois offer luxury products priced in Bitcoin, which is becoming a concern for financial analysts.
Additionally, 20% focus their spending on bad habits – like buying drugs or paying prostitutes.
One individual in the UK, who made around £1.2 million per year, spent huge amounts of money on a trip to Las Vegas, where he claimed to have gambled $40,000 and spent $6,000 hiring sports cars so that they could “arrive in style” to casinos and hotels. Another UK cybercriminal funneled his proceeds into gold, drugs and expensive watches and spent £2,000 a week on prostitutes.
“The range of spending habits among cybercriminals was fascinating,” said Mike McGuire, the researcher behind the report. “It’s alarming how easily cybercriminals are able to spend their illicit gains. There is an ever-growing market that is almost tailor-made for cybercriminals to make these ostentatious purchases with little to no regulation or oversight.”