An Analysis of the Lucrative Hacking Industry

Irfan Shakeel
June 16, 2016 by
Irfan Shakeel

As hackers started making money, they become sophisticated and very well organized that increased their profits while minimizing the risk. Hackers also have become more or less cooperate in their behavior while creating a business of hacking. Their business looks a lot like other great businesses in the market. They compete on quality, reputation, and price. Moreover, they have software development lifecycle and offering software as a service (SaaS) too. Not just resemblance in many ways, but also their business practice made them capable enough to be considered as a competitor to well-known organizations like HP, Dell, Microsoft, and others.

In this article, we will explore the business model of hackers, the different ways they make money by hacking, their motivation, profitability, risk levels and the strategies they followed to grow significantly.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Types of Business and their driving force

There are many categories of hacker group like organized crime, identity theft, Cyber warfare, IP theft, extortion and bank frauds. The business types and their motivation differ by payment potential and the associated risk.

A business that is designed for pure monetary gain are involved in some scam and frauds. There are many breaches news that is reported earlier. Following are the types of businesses running in the hacking industry.

Ad Frauds

In this type of frauds, the hacker creates an ad page and makes it visit by bots to increase the views count that generates fake traffic to the ad. Since the ad is being viewed, it got paid.

Credit Card Fraud

It's one of the greatest frauds becoming popular nowadays. Hacker tends to get the card's number and owner's detail that are further sold in the market. Not even details are gone public, but also unauthorized purchases are made on the victim's card which effects costly to the victim and profitable to the hacker.

Payment System Frauds

It is a well-known fraud currently rumoring over the internet which involve stealing the money from online payment systems like PayPal, Apple Pay, Bitcoin and others. The attacker makes money by stealing the victim's accounts or laundering money once taken.

Bank Fraud

Relatively it's an old technique in which attacker hacks into the victim's bank account through online banking and transfer money to other account owned by a hacker. Money can also be made through selling the banking vulnerabilities. These types of frauds always lead to extensive investigation and tracking of attacker making it extremely risky for the hacker.

Medical Records Fraud

This fraud involves stealing of Personal Identifiable Information (PII) from the online medical records or hospital portals and other medical/health systems. This data is then used for insurance fraud and identity thefts. As these types of attacks are new nowadays, there is more possibility of encountering more frauds over time with this context.

Identity theft

This is the most famous attack done by hackers. In this attack, the identity of the victim is stolen, which includes address, social security number, credit information and other confidential details. The attacker makes money by selling this information; this sold information can be used for many fraud purposes listed above.

Credential Harvesting

Hackers do these types of attacks on a daily basis. In these types of attack, the username, and password of the user are stolen via phishing pages. The Attacker makes money by selling these details or simply creates a dump database of multiple users' detail and then selling it to the underground market.

Bug Bounty

Identifying system's vulnerability has become a lucrative business with its own market and players. In Bug Bounty, the vendors and third party programs from all over the world like (Microsoft, PayPal, etc.) invite freelancers to discover vulnerabilities in their systems before they are exploited.


Extortion often targets the higher authority, system, and data center of the company. In this attack, the attacker installs a ransomware to the victim's computer or system, which encrypts the file with a password and restricts the user to access that file, then demand money or other business deals to release the file.

IP Theft

This type of attack involves the stealing of intellectual property from the target. That is used for impersonating purpose. The Attacker makes money by selling this information to a competitor of the company or system. These types of attacks have been seen in the electronic industry (cell phone, tablet PC), the entertainment industry (movies, software) and as well as in the defense industry (warplanes, weapons) and have vast effects on the person and the organization.


Hacktivism involves a least organized group of hackers, working on political or ideological based purposes. They target the organization and individual who have done something wrong. They are an online activist who performs online protest against something that is wrong in their perception. There are three main types of hacktivism:

  • Nuisance:

    This type of attack includes web destruction and Twitter handle takeover.

  • Disruptive:

    This type of attack targets disrupting organizational functions through DDos, Spammer, Botnets attacks.

  • Destructive:

    This type of attack destroys the target data and systems or left them useless.

Organizational Culture

The underground market works almost on the same strategy on which traditional market works that is supply and demand. There is always more worth for the information and tool that is most critical in the market and vice versa.

Hacking businesses do not function in hierarchical levels like traditional enterprise works. Each hacker works as an independent contractor providing value to the community. They choose their own working hour and feasibilities to work; they can also do a separate job to supplement their activities and needs. Some cybercrime businesses operate on a nine a.m. to four p.m. schedule, Monday through Friday, while Monday mornings being the hectic time of the week, apparently to catch up from the weekend.

The cyber crime community depends on anonymity. Hackers are known by their alias, their original identity remains mysterious and unknown to everyone, this provides strong obsession to the hacking business. Trust and a good reputation is the key to enter the market. If a hacker is not trusted, then there will be difficulties to make money in the system. Trust is built by demonstrating your skills and being acknowledged by others in the industry.

Workforce Management

Managing a workforce encompasses a variety of tasks through which the workforce can be managed in the organization, it comprises of three main areas of responsibilities, staffing, employee compensation and benefits. These three major roles are followed by various sub-roles that lead organization's workforce management.

In hacking business most jobs are of contract base and some hackers are doing multiple jobs as per their ease. Each activity directly or indirectly contributes to the end product. Attackers who contribute significantly than other, claims higher commission.

Hacking business requires very little knowledge and skill to get started. In fact, some activities do not require and computer skills, making it feasible and easy for non-technical people to enter into the hacking business. The following are examples of non-IT jobs in the hacking business:

  • Guarantor services/background checks
  • Escrow services
  • Recruiting
  • Cyberlaundering
  • Sales and marketing
  • Legal
  • Recruitment for the new hackers are done through different blogs and forums as trust is the key component for hacking business, so only a skilled hacker can survive and contribute efficiently. One major concern for hacking business operations is the location from which a hacking is being operated.

    Cash flow system plays a vital role in the business of hacking, which converts the earned underground money to legal money without any trace. One way to do this is by converting the e-currency to Bitcoins that can further be sold legally (in some countries). Another way is to set a fake online business and purchase random items to pull the money out from stolen PayPal accounts.

    Marketing and sales

    Attackers must work continuously to fabricate and uphold their status and trust in the marketplace. Where reputation and credibility are everything. They also evaluate other hackers regularly they do business with. One false move can destroy one's credibility.


    Being open source community is making the business of hacking to grow significantly. The tools are shared, that enable other hackers and newbie's in gaining access to victims and in developing new exploits. It also results in a highly flexible marketplace.


    Every business has its own weaknesses; similarly, the hacking business also has many weaknesses that limit the hackers to double check while doing business. The main root of this weakness is the anonymity as no one knows who the other guy is. This affects sales and operations. Moreover, creating a new alias reputation can cost them valuable time, effort, and money for guarantor fees, higherlevel forums access, etc.


    Opportunities for the business of hacking are growing day by day, even more frequently than any other business in the market. Developing countries are moving toward new technologies to pay bills and access the Internet. Unfortunately, creating new opportunities for attackers and cyber threats.


    The nightmare of hacking businesses is getting caught; mainly the threat is new security technologies. These technologies such as DNS malware analytics slower down attackers and increase their risk of getting caught, resulting in lower profits for them.

    FREE role-guided training plans

    FREE role-guided training plans

    Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

    Hacking business is growing significantly, making other businesses consider it as their aggressive competitors. Hacking business is becoming a global threat; everyone is working on to slow down the attackers and to disrupt them. The need for determining new and effective technologies is increasing continuously as attackers are at a peak. We must focus on this issue and come up with more advanced technology which somehow help us to compete effectively and slow down attackers to protect their businesses.

    Irfan Shakeel
    Irfan Shakeel

    Irfan Shakeel is the founder & CEO of ehacking.net An engineer, penetration tester and a security researcher. He specializes in Network, VoIP Penetration testing and digital forensics. He is the author of the book title “Hacking from Scratch”. He loves to provide training and consultancy services, and working as an independent security researcher.