The old hacker stereotype\u2014the antisocial lone wolf with coding skills\u2014has been eclipsed by something far stranger: the cybercrime enterprise.\u00a0 This mutant business model has grown exponentially, with annual cybercrime revenues reaching $1.5 trillion, according to a 2018 study by endpoint security provider Bromium.The sophistication of cybercrime operations underpins this scale of damage.\u00a0 The only explanation is that profit motive is fueling an engine that has driven the creation of effective organizations.\u00a0 But these organizations are curiously subject to many of the vicissitudes of normal business.\u00a0Perhaps the oddest outcome of this state of affairs is watching global cybercrime syndicates suffer under conventional business problems like PR difficulties.Lines of businessWhat we think of as criminal activity, the cybercrime enterprise thinks of as lines of business.\u00a0 Anything that does not drive revenue\u2014hacking for the sake of destruction or personal gratification of some kind\u2014doesn\u2019t figure in here.\u00a0The business of for-profit cybercrime can be seen as 6 main lines:Cyber theft\u2014the act of stealing money or other assets (like user data and intellectual property) from organizations and individualsIllicit data trade\u2014data that is stolen (think credit card info and other personally identifiable information) is bought and sold and then used to perpetuate further theftWeb-enabled blackmarket\u2014 web-enabled trade in illegal goods like drugs and wildlifeCrime business tools and services\u2014the cybercrime shadow of normal business services, like jobs boardsCrimeware\/cybercrime-as-a-service (CaaS)\u2014any of the variety of tools that are used to enable the other activities, think exploit kitsRansomware\/ransomware-as-a-service (RaaS)\u2014encrypting data and holding it for ransomHow are we to understand services like hacker job boards and stolen identity marketplaces?\u00a0 They are like the evil twin of normal services.\u00a0 They serve a business purpose, and if not for the nefarious end goal, they could be perfectly legitimate.\u00a0 They are like a promising student who would succeed if they applied the same effort to studying as they do to cheatingBut the reality is, they do serve and enable harmful ends.\u00a0 From the private shock of losing account access to the collective burden of crippled infrastructure, the toll is high. Numbers across all these lines of business are hard to nail down, but Sophos\u2019s 2020 State of Ransomware study found that \u201cthe average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.) is US$732,520 for organizations that don\u2019t pay the ransom, rising to US$1,448,458 for organizations that do pay.\u201dHR and PREven normal IT employees suffer a high degree of burnout and mental health challenges\u2014imagine all that with the addition of knowing your work is devoted to adding misery to the world.\u00a0Some of that can be attributed to simple greed: IT workers in the crime business do stand to make more than the others.\u00a0 Also, some people just lack a conscience.\u00a0 But here we are talking about sprawling organizations with communities of hundreds of employees.\u00a0 The kind of results achieved mean a high degree of persistent, united effort from many people.One prominent thing that came out of the Ukraine invasion-inspired Conti leaks is just how typical the lives and work is for modern hackers.\u00a0 Security researcher Daniel Cuthbert echoes this sentiment, remarking that \u201cWhat came out of this leak, to me at least, was the mundane aspects of office life. Romance, time off, interacting with colleagues, distrust, etc.\u201dJust normal people, putting in the hours to pay the bills.The ability to blank out the nature of the work has to be buttressed with some kind of philosophy\u2014some countervailing meaning.\u00a0 Something like, it\u2019s the downtrodden Slavic nations struggling against the greedy American-led West.\u00a0 (This is also the reason for the stated, but loosely implemented, commitment by many ransomware groups to not attack organizations like hospitals.)At the very least, the rule is: we don\u2019t attack our own.\u00a0And so we can see clearly the dramatic effect the breakdown in that justification had in the collapse of Conti.\u00a0 By supporting the devastating attack on their fellow Ukrainians, the contract was broken.\u00a0 It was a colossal PR misstep.\u00a0 It resulted in a grievous blow to Conti\u2014to their brand, as many have described it.\u00a0Many analysts (myself included) believed that Conti would weather the blow diminished but still operational.\u00a0 We underestimated the effects.\u00a0 The model we used was not tuned quite right.\u00a0In normal business, such a gaffe would mean firing the PR firm, replacing the CMO, perhaps an aggressive rebranding and damage control. Not so in Conti\u2019s case. The blow to the illusion of the work being just was existential.\u00a0 The cognitive dissonance just became too much.\u00a0 Conti appears to be no more.Cybercrime enterprise has embraced the utility of PR.\u00a0 It has become common practice to issue press releases regarding prominent hackings.\u00a0 The promotion of the Costa Rica attack by Conti was a bid, though ultimately unsuccessful, to remain relevant.\u00a0 For cybercrime, the image is important as a way to both attract workers and menace victims.Another way ransomware gangs have figured out to use the media is in threatening to release stolen information.The big pictureLike conventional organized crime, there is a certain interface between cybercrime groups and corrupt or unethical government elements.\u00a0 In cybercrime enterprise, the distributed flexible power of the web has meant the growing interplay between hacking and nation states.\u00a0 It\u2019s virtually impossible to completely disentangle them.\u00a0 Cyberspace has become a key realm of activity for all, including nations in their jockeying for power and status.Much of enterprise crime thrives with implicit or explicit government support and may in fact be espionage and sabotage, harnessed to a business model.\u00a0 Where is the line between cyberwarfare and cybercrime?\u00a0It\u2019s tough to say.\u00a0 It\u2019s a strange business.