



Blackhole exploit kit author sent to jail: Pyrrhic victory for the cybersecurity industry

News Analysis
Apr 18, 2016 · 3 mins

The imprisonment is more a defeat than a victory for our industry if we look carefully at the details.

According to Wikipedia, a Pyrrhic victory is a victory that inflicts such a devastating toll on the victor that it is tantamount to defeat.

Last week, many cybersecurity media outlets announced that the creator of the Blackhole exploit kit (aka “Paunch”) was sent to jail for seven years. His accomplices will also spend between five and eight years in a Russian prison. The news drew many mentions on LinkedIn, with joyful comments and numerous likes. Back in 2013, Jerome Segura, security researcher at Malwarebytes, said the arrest would be “a major event in the exploit kit business, one that could trigger a chain reaction leading to more arrests and disruption.”

So, it sounds very promising, doesn’t it? However, if we look into the details of the story, it is more a defeat than a victory for our industry. Let’s look at the five main reasons why:

Nothing really changed; moreover, things are getting worse

Despite Malwarebytes’ predictions, the number of exploit kits is continuously growing, and the Malware-as-a-Service (MaaS) industry is currently flourishing. Hospitals regularly become victims of cryptolockers, while US police continuously pay ransoms to cybercriminals. McAfee says that ransomware surged 165 percent in the first quarter of 2015; meanwhile, the largest banks hide cybercrime losses, according to the City of London Police.

The victims didn’t and probably won’t get any indemnification

Taking into consideration all the complexities of international law and inter-agency cooperation, quite probably none of the US- and EU-based victims will ever get a cent of compensation for the damage caused.

Cybercriminals become much more careful and sophisticated

Since Paunch was halted, almost no other notable arrests have taken place (I am speaking about professional Black Hats, not hacktivists or DDoS groups). Cybercriminals have learned their lesson and will never again expose themselves or leave any technically identifiable traces. The modern Dark Web economy and its technical capabilities allow cybercrime revenue to be generated with almost 100 percent anonymity.

We still did not solve the fundamental problem

I have already written about the problem of intertwined cybercrime and the global economy, but it is worth another mention. While the US cybersecurity market is continuously increasing salaries, creating a perfect breeding ground for a cybersecurity bubble, many young talented engineers from developing countries can barely make ends meet at the end of each month. Obviously and unsurprisingly, some of them join the dark side. Until we remove the artificial and bureaucratic barriers that prevent talented individuals from all continents from committing their knowledge and skills to the global cybersecurity industry, we are doomed to see the exponential growth of cybercrime.

The future is questionable

Taking into consideration the advanced technical skills of the prisoners and the particularities of the ex-USSR penal system, don’t be surprised if their knowledge is called on by some powerful bodies during or after the prison term. God only knows what they may create afterwards.

Therefore, instead of celebrating the imprisonment, we should rather focus on continuous improvement of our own industry to deliver the highest value to our customers by mitigating the real risks in the right priority. Otherwise, we will never slow down cybercrime.


Ilia Kolochenko is a Swiss application security expert and entrepreneur. Ilia holds a BS (Hons.) in Mathematics and Computer Science, and is currently pursuing his Master of Legal Studies degree at Washington University in St. Louis.

Starting his career as a penetration tester, he later founded web security company High-Tech Bridge, headquartered in Geneva. Under his management, High-Tech Bridge won SC Awards Europe 2017 and was named a Gartner Cool Vendor 2017, among numerous other prestigious awards for innovation in application security and machine learning.

Ilia is a contributing writer for SC Magazine UK, Dark Reading and Forbes, mainly writing about cybercrime and application security. He is also a member of the Forbes Technology Council.

The opinions expressed in this blog are those of Ilia Kolochenko and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.