Today, everybody wants to be an entrepreneur. But you can’t just start something for the heck of it and do what everybody is doing. Most sectors like banking, payments, insurance, lending, wealth-tech, etc., are crowded. There’s a ton of money chasing startups in these sectors. Even if you start, let’s say, another lending platform, the odds of you being successful, let alone a unicorn are pretty much zero.
To be really successful, you need to do what very few people are doing in places where no one is looking. If you’re one of those people wanting to start another Neo Bank and are reading this, close this page and get the fuck out of here. I’m serious, go away, shoo! You and your bloody neo banks and your bullshit can go suck a lemon.
There are only so many opportunities in the legal economy. But the illegal shadow economy is a land of opportunities. And unlike the legal economy, you don’t have to wait for decades to make money either. You can literally build a billion-dollar company within 5-10 years. No registrations, no regulations, no worrying about any of the other pointless bureaucratic nonsense you have to put up with in the white economy. And if you’re one of those naive fools who believe in bullshit like morals, ethics etc., I got one question for you, do you want to make money or quibble about what’s right and wrong?
The global cybercrime industry is one of the fastest-growing sectors in the shadow economy. Since it’s in the, well, shadows, it’s tough to estimate the size accurately. But to give you a rough idea, this estimate puts the revenues at $1.5 trillion. This is as of 2018, so it would’ve grown quite a bit, well into the $2+ trillion mark. Cybercrime, according to Cybercrime Magazine, could cause over $6 trillion in damages. If cybercrime were a country, it would be the third-largest economy in the world. That’s your opportunity size or TAM (Total Addressable Market). And what’s more, it’s largely untapped, and there are very few risks. According to the WEF, only 0.05 per cent of cybercrime cases in the US were prosecuted. So, you don’t have to worry at all!
The opportunities
Well, if you don’t want to do something completely illegal, whatever that means, you can build cyber espionage products exclusively for governments. You might have heard about all the ruckus surrounding the leak of 50,000 phone numbers that were apparently targets of Pegasus, a spyware tool developed by NSO Group, the Israeli cyber-surveillance company. According to the news reports, the targets included several heads of state, top politicians, journalists, and activists. But I’m not going to talk about it. There’s already too much news about this.
Let’s stay on point and focus on making money. So how can you make money from governments?
In the past decade, the world has been becoming a less democratic place.
That’s a good thing for you as an entrepreneur because there are more governments that want to kill, torture, and spy on people. The market is growing rapidly too.
Let me tell you a true story. There was once a man called Diktator Tyrantino, lovingly called Dik, in the province of Adjikistan. It’s been rumoured that Quentin Tarantino and Diktator are related, but more on that later. The province was ravaged by wars with neighbouring enemy Buranda, and people were quite poor. To make things worse, there was a great famine from 1905-1908. The entire populace was on the verge of dying from hunger and disease. But luckily for Adjikistan, it was strategically located between a group of democratic and autocratic countries.
The Amrikans loved democracy. They wanted to export freedom everywhere, being ever so large-hearted. Now, Diktator was the leader of a small group of guerillas who had banded together to defend their village. Diktator was big, bulky, and looked like a middle-eastern Rocky Balboa. The Amrikans knew about Diktator, and more importantly, they hated Buranda because they supported communist Ruskies. So, they started to send Diktaor money and weapons to fight the Burandans and the Ruskies.
The war escalated, and the Amrikans poured money and weapons into Adjikistan. Diktaor became the hero of the people and was elected President too. After a 10-year war, the Ruskies had become weak and stopped supporting the Burandans. So the Adjikistanians finally defeated the Burandans and declared independence under the leadership of Diktator. Things were good. But over time, the Adjikistanians started listening to dichik dichik music and starting wearing T-Shirts. Diktator was a pious man, and he didn’t like it at all. He banned all Amrikan stuff.
But people didn’t like it, and they started resenting Diktator. Some even wanted to get rid of him. Dik came to know of this and killed those people. He started becoming paranoid and started blaming the Amrikans for everything. His paranoia only grew with time. Every morning, he used to go to work, kill and torture people. This is why the rumour that Quentin Tarantino and Diktator Tyrantino were related because people get chopped like vegetables in his movies.
This was the time he had a son and had named him Despot Tyrantino. Despot adored his dad. He used to watch his dad go to work and kill people every day, and he aspired to be like him. By then, he had started strangling dolls and cucumbers. The world was changing, and in the 1980s, Dikator died, and Despot Tyrantino assumed power.
This was the time when technology was starting to eat the world—first TV, Radio and in the 2000s, the internet. Despot wasn’t as smart as Dik, and to stop the Amrikis from corrupting his people, he continued his dad’s tradition of killing people. Despot loved killing people. After breakfast, lunch, dinner, he just went and killed people; it was his favourite hobby.
But it wasn’t enough. There were too many enemies, and he constantly cursed the Amrikis. He even had Amrikan flag-themed toilet paper.
He had enemies everywhere who were using technology to plot against him. He needed technological help to spy on his people. Now the Amrikans spent $750 billion on defence and had a dedicated hi-tech agency called the National Security Agency to spy on everyone, even mosquitos. But Adjikistan was broke. If Diktator wanted to spy on and kill his people, he couldn’t do anything! He needed help in defeating the imperialist Amrika.
Now, there are 100s of hard-working tyrants, autocrats and dictators around the world like Despot who don’t have serious tech resources to spy on people. In any given month, they have to find, kill and torture a lot of people like journalists, activists, and politicians. This is a huge market worth billions.
The opportunities for aspirational entrepreneurs with ambivalent morals to serve hardworking and honest tyrants like Despot are endless.
Cyber espionage
There’s a mega opportunity for someone to be the Amazon of cyber espionage. Take the case of the NSO Group. It’s in the business of providing cyberweapons like Pegasus to governments and govt agencies. For some context, here’s how Pegasus works:
The software can be planted on phones remotely by sending a text message to the phone with a link — when the user clicks on the message it takes their phone’s browser to a malicious site that downloads the malware. Or it can be planted on phones with what’s called a zero-click exploit. A zero-click exploit is malware that can be sent via an iMessage, for example, that doesn’t require the user to interact with it at all before it installs the spyware on their phone.
Governments and other agencies can buy these tools to hack the phones of their targets, read their messages, record calls, and videos.
Here’s how much you can sell these tools for:
Much like a traditional software company, the NSO Group prices its surveillance tools by the number of targets, starting with a flat $500,000 installation fee. To spy on 10 iPhone users, NSO charges government agencies $650,000; $650,000 for 10 Android users; $500,000 for five BlackBerry users; or $300,000 for five Symbian users — on top of the setup fee, according to one commercial proposal. You can pay for more targets. One hundred additional targets will cost $800,000, 50 extra targets cost $500,000, 20 extra will cost $250,000 and 10 extra costs $150,000, according to an NSO Group commercial proposal. There is an annual system maintenance fee of 17 percent of the total price every year thereafter.
Take the case of Candiru, named after a parasitic fish that invades the human body through the urethra. OUCHH! It’s another Israeli based cybersecurity company that competes with NSO. Here’s how much they charge:
Like many of its peers, Candiru appears to license its spyware by number of concurrent infections, which reflects the number of targets that can be under active surveillance at any one instant in time. Like NSO Group, Candiru also appears to restrict the customer to a set of approved countries.
The €16 million project proposal allows for an unlimited number of spyware infection attempts, but the monitoring of only 10 devices simultaneously. For an additional €1.5M, the customer can purchase the ability to monitor 15 additional devices simultaneously, and to infect devices in a single additional country. For an additional €5.5M, the customer can monitor 25 additional devices simultaneously, and conduct espionage in five more countries.
The more services you can hack into, the more you can charge:
The proposal states that the spyware can exfiltrate private data from a number of apps and accounts including Gmail, Skype, Telegram, and Facebook. The spyware can also capture browsing history and passwords, turn on the target’s webcam and microphone, and take pictures of the screen. Capturing data from additional apps, such as Signal Private Messenger, is sold as an add-on.
But several authoritarian countries like Saudi Arabia, Rwanda, and UAE, with atrocious human rights track records, are apparently customers of NSO. But NSO doesn’t care about shit like doing the right thing and clean conscience etc. It’s in the business of making money. In 2020, it had revenues of $243 million and an EBITDA of $99 million. In 2019 it was acquired by Novalpina, a London-based private equity outfit at a $1 billion valuation! All this within a span of 10 years. It would have taken you twice or thrice that to do it legally.
What’s more, you get the patronage of nation-states to run your business if you pick the right location. The founders of NSO, for example, were part of the famed Israel intelligence group unit 8200. The nexus between Israeli cybersecurity companies and the intelligence branch runs quite deep. So these companies have the political patronage of the state:
A 2018 study cited by Haaretz estimated that 80% of the 2,300 people who founded Israel’s 700 cybersecurity companies had come through IDF intelligence. Private Israeli companies have sold surveillance technology to Malaysia, Botswana, Azerbaijan, Angola, Honduras, Peru, Nigeria, Ecuador, Mexico, Ethiopia, Kazakhstan, Trinidad and Tobago, Colombia, Uganda, and the United Arab Emirates. The industry’s collective sales are near $1 billion annually.
Russia is the home to the world’s largest hacker groups, ransomware gangs and darknet marketplaces like Hydra that sell everything from drugs to weapons. But the Russian government doesn’t care. It just has one rule, don’t bite the hand that feeds you.
So, you need to pick a friendly location on your journey to be the fastest unicorn.
Cybercrime as a service
In the last decade, software as a service (SaaS) has become a dominant pricing model in software. The reason for the popularity is obvious – recurring revenues. Before SaaS, software companies sold one time licenses. But recurring revenues are much more lucrative.
It’s the same with cybercrime, there’s a fundamental shift in the nature of the crime, and it’s become increasingly professionalized, which is making things more lucrative and less risky:
The emergence of a complex and multi-layered cybercrime economy has also begun to suggest a fundamental shift in the very nature of crime itself. In this context, overt acts of crime become less central features of the criminal ecosystem when compared to the services and platforms that feed off and support crime – which become increasingly low-investment, high-yield and low-risk operations. The result is a shift towards platform models of criminality, mirroring shifts in the contemporary global economy that have been characterised as “platform capitalism”. This term describes how companies like Uber, Google, Facebook, YouTube, Instagram, LinkedIn and so on are now able to generate
The opportunities here are endless. In a previous issue, we talked about ransomware, another billion-dollar opportunity. If you aren’t aware, ransomware is the act of hacking into companies’ servers, locking them out and extorting them for money. It’s quite lucrative; the average ransom payment was over $300,000.
Maersk, a global shipping company, wrote down $300m in losses related to a ransomware attack in 2017. Travelex, a British currency trader, collapsed last year, with the loss of 1,300 jobs. An attack that took its systems down at the end of 2019 was partly to blame. Despite coughing up 285 Bitcoin—then worth around $2.3m—the firm lost about £25m that quarter. It attributed most of that to the attack.
If you’re smart, just like Saas, you can offer ransomware as a service (RaaS). Once you develop an exploit, instead of doing all the hard work and ransoming someone, you can offer it as a service, sit back and make money. You can charge a nice fee plus a cut of the exploit proceeds. This is emerging as quite a lucrative model. The opportunity to be the Amazon Web Services (AWS) is wide open.
Just look at the cyber insurance premiums, which shows you how fast the ransomware market is expanding. Funnily enough, Axa, one of the largest cyber insurers, was hit with a ransomware attack.
Let’s say you’ve designed a new malware; again, instead of doing the dirty work, you can offer your Malware-as-a-Service (MaaS). Same with distributed denial of service (DDoS) attacks. Instead of launching the attack yourself, you can offer it as a service. Here are the average prices for offering DDOS as a service:
Here’s the best part, show me a so-called legal business with a 70% margin!
The use of botnets for DoS attacks has proven to be a particularly profitable endeavor for many cybercriminals who extort money from website owners by threatening an attack that would overwhelm and shut down their services. Researchers have estimated that a botnet costing only $60 a day can inflict as much as $720,000 in damages on victim organizations,59 and the hackers controlling the botnets enjoy a profit margin of more than 70%
The Amazon of crime
Today, if you want to be a loser and sell things legally, it’s quite easy. You signup up on Amazon and start selling. Amazon will take care of everything from billing to logistics in return for a cut. Similarly, e-commerce for crime is a mega opportunity. But people like Sequoia and Softbank are missing out on it.
Worldwide, cybercriminals rake in at least $1.5 trillion every year — an amount equal to Russia’s gross domestic product (GDP), according to research by Dr. Michael McGuire, senior lecturer in criminology at Surrey University and commissioned by security firm Bromium. In fact, if cybercrime were a country, it would have the 13th highest GDP in the world. McGuire’s revenue figure includes estimated earnings of $860 billion from illicit or illegal online markets, $500 billion from intellectual property theft, $160 billion from data trading, $1.6 billion from crimeware-as-a-service, and $1 billion from ransomware. The research presents evidence that cybercrime revenues often exceed those of legitimate small to midrange companies.
Being a marketplace selling stolen banking data, Netflix logins, stolen documents, malware, email dumps, social media logins, drugs is a lucrative business. Your customers are everyone from potheads to small authoritarian governments like Tyrantino and the North Koreans.
Here’s how much Hydra, the largest darknet marketplace, made. If Hydra was listed, it would be worth at least $20 billion:
Although the number of darknet purchases fell during the pandemic, total revenues rose by 23% to $1.75 billion in 2020. Hydra made a $1.37 billion profit during the pandemic in 2020, up from 9.4 million in 2016.
Here are all the illegal things that can be sold and the latest prices for your market research.
Disinformation as a service (DaaS)
The key to being a successful dictator is propaganda. Since you’ll be busy killing people, you can’t let that news come out unfavourably. So, you need a team of people who spin every piece of negative news about you positively. You also need to constantly spread propaganda that external enemies like the Amrikis are trying to take over your country and kill you. But all this requires resources and can be expensive.
But as a dictator, you’ll be busy torturing and murdering people, which is a high priority administrative task. The good thing is that you can outsource your propaganda. You now have disinformation as a service (DaaS) platforms that can spread your propaganda for a reasonable fee.
Launching a disinformation campaign was a simple process, and both Raskolnikov and Doctor Zhivago were very informative and helpful. Their services were advertised on popular Russian-language underground forums, where they listed their Jabber and Telegram handles for all to see. Both actors had pricing models showing the cost of content generation so you could budget out your disinformation campaign. Doctor Zhivago’s services were priced very specifically, as seen below:$15 for an article up to 1,000 characters
$8 for social media posts and commentary up to 1,000 characters
$10 for Russian to English translation up to 1,800 characters
$25 for other language translation up to 2,000 characters
$1,500 for SEO services to further promote social media posts and traditional media articles, with a time frame of 10 to 15 daysRaskolnikov, on the other hand, had less specific pricing:$150 for Facebook and other social media accounts and content
$200 for LinkedIn accounts and content
$350–$550 per month for social media marketing
$45 for an article up to 1,000 characters
$65 to contact a media source directly to spread material
$100 per 10 comments for a given article or news story
These campaigns can be quite successful. It’s human nature:
Falsehoods spread farther, faster and deeper than true information, according to a 2019 MIT study. Its longitudinal study of news stories on a specific social media platform from 2006 to 2017 found that false news reports are 70% more likely to be retweeted than true news stories — and they reach the first 1,500 people six times faster. (The effect is more pronounced with political news than other categories.) The study also found that bots spread true and false information at the same rates and concluded that individuals are the ones amplifying the false information.
Cybercrime EdTech
EdTech is not just hot in the white economy; it’s equally hot in the shadow economy as well. You can make some decent money selling tutorials and guides on how to commit fraud. Several experienced fraudsters are conducting online classes at affordable prices.
The report also discovered that fraud guides are cheap. The average cost for a single guide was $3.88, while a collection of guides sold for $12.99. The average price across all guides was $7.80. The most expensive individual guide ran $58 and taught people how to build synthetic identities. The cheapest individual guide cost 99 cents and was a brief tutorial on how to hack home Wi-Fi passwords.
How to make money as a dictator?
Let’s say you’re a dictator, but the western Amrikis and Europis hate you and have imposed sanctions; money will be a little tight for you. But luckily, the internet is like a wonderland if you want to make money. You can make some serious money by hacking, stealing, and ransoming. Take the example of North Korea. It’s among the poorest countries in the world, crippled by American sanctions. Its people don’t even have enough food to eat, and Its two biggest exports are Coal and Methamphetamine. But despite that, it has managed to achieve nuclear capabilities.
If you’re wondering how, it’s through all the money it makes from hacking and stealing. North Korea is legendary for its cyber exploits. Here are a few crazy capers:
Lazarus, the North Korean state-sponsored hacker group, hacked the Bangladeshi Central Bank and almost stole $1 billion but for a last-minute hiccup. But they still made away with $81 million. They hacked a central bank, let that sink in for a while.
They unleashed the Wanna Cry ransomware attack across 150 countries, causing over $4 billion in damages.
They stole millions from ATM cash-out schemes across multiple countries, including $13 million from the Indian bank Cosmos.
It has hacked multiple crypto platforms and exchanges and stolen billions. It even created its own blockchain and cryptocurrency called Marine Chain to steal money.
Not just this, there are millions of gullible people to hack and steal money across the globe. According to this survey, 120 million Indians were victims of some sort of cybercrime, and 27 million Indians had their identities stolen. Now imagine, if you had an army of hackers, you could run your economy solely based on illicit gains even if the Amrikis want to export freedom to your country.
Not a TOP. Not a TOP. Not a TOP. Not a TOP. Not a TOP.
An Indonesian preacher is so popular that he is quite literally moving the markets. Recently, two stocks that he mentioned went up 45% and 55%
Jam’an Nurchotib Mansur isn’t your run-of-the-mill ustadz, or Muslim teacher. As a young man, he spent some time in jail. Today, at 45, he runs an asset management business on the side, and led a deal to invest in a local bank. When he’s not preaching, he posts stock picks to his social media accounts, where 13 million followers tune in for inspiration.
“I don’t understand stock trading, but I usually look at his postings for ideas,” says Fithriyah, a 35-year-old who follows Mansur’s Instagram account and started investing only this year.
Not a top!
Continuations
The CCP mafia continued its crackdown on Chinese companies since the last post. The State Administration for Market Regulation (SAMR) imposed fines of US$77,000 on 22 companies, including Baidu, Tencent, Alibaba, Xiaoju Kuaizhi (Didi). It’s a tiny fine, but apparently, that’s the maximum allowed. But it’s the message that matters.
Tencent Music, which is almost a monopoly, was also ordered to relinquish its musical rights:
TME was spun off for a 2018 listing in New York and is China’s biggest music streaming player with more than 622 million monthly active users (MAUs) from three streaming apps QQ Music, Kugou and Kuwo. Combined, the platforms had a library of 66 million licensed tracks by the end of 2020, according to the company.
TME’s closest rival is NetEase Cloud Music, which had 181 million MAUs and 60 million tracks as of December 2020, according to the prospectus of Cloud Village, operator of the app.
The CCP mafia also shifted its gaze toward EdTech companies that have grown phenomenally over the years. Reports suggest that the mafia wants companies offering tutoring to school kids to become non-profit companies.
Beijing on Saturday published a plethora of regulations that together threaten to upend the sector. The nationwide crackdown stems from a deeper backlash against the industry, as excessive tutoring torments youths and burdens parents with expensive fees. Once regarded as a sure-fire way for aspiring children (and parents) to get ahead, it’s now also viewed as an impediment to one of Xi Jinping’s top priorities: boosting a declining birth rate.
The move threatens to decimate China’s $120 billion private tutoring industry and triggered a heavy selloff in shares of tutoring firms traded in Hong Kong and New York including New Oriental Education & Technology Group and Koolearn Technology Holding.
It also is restricting foreign investments in the sector. Several major funds have investments in Chinese EdTech startups. It remains to be seen as to what will happen.
Noah Smith also published a really interesting piece on the possible motivations behind the CCP’s crackdown.
Good reads
What About Beta? | The Demise of Alpha
The Zomato IPO: A Bet on Big Markets and Platforms!
The great Indian edtech refunds scam
Learning From Bad Inflation Takes
Welcome to the Church of Bitcoin
Need your opinion, please click some buttons on this poll.