Labor Day weekend is finally here, and that means a great many things are upon us. Cookouts have come and gone. Beer, burgers and chicken wings have been consumed. Kids who have terrorized the house all summer will finally be back in school. And we’re just days away from the NFL season kicking off. Most importantly, Labor Day is the one day each year when I make some of the most crucial decisions of the entire year: our league’s fantasy football draft.

In preparation I’ve been digging though the data, crunching the numbers, and preparing to draft the perfect team. And as I dove deeper and deeper into cybercrime data this weekend, I had another thought: if I was drafting a fantasy cybercrime roster, who would make the cut?

So we started our own league here at HackSurfer, the HackSurfer Fantasy Cybercrime League.

Here’s the breakdown needed to create a full roster:

  • 1 Quarterback (Industry sector — Government, Utilities, etc.)
  • 2 Wide Receivers (who are your to top Targets?)
  • 2 Running Backs (what Actors can keep pounding away?)
  • 1 Tight End (One with a more common Practice like DDoS, or one with a specialized skillset like RFI attacks or APTs?)
  • 1 Defense/Special Teams (what’s your team’s philosophy: Hacktivist? State-sponsored? Individual?)
  • 1 Kicker (which Effect will help push your team over the edge?)

1) Who’s going to be your star?

This is the make or break moment, the team’s leader, the head honcho. Most people are after the power players that ooze cybercrime — Financials, Government, Social Media, Telecom — but don’t forget about those players that often get forgotten. I don’t think anyone has had quite as good of a training camp as the Entertainment industry. Look at those numbers! Peaking with a lot of high-profile hacks just as the season kicks off …

Entertainment Chart

If you can’t snag a trendy industry and have a late-round pick, no worries. Don’t forget about smaller players like Utilities who may come on strong. They’ve got the backing of experts like Gen. Keith Alexander as having serious cybercrime potential. Think of them as a sleeper with the chance of a big upside, though they may be a little hit and miss.

utilities charts

2) Look to lock up some high-scoring targets early in the draft

There’s one sector that’s been lighting up the charts with hacks the past week: the Entertainment sector.

Entertainment Top Targets

Everyone will be jumping on these players, so they’re likely overvalued. Hell, the New York Times is getting so much press it made the top five twice. While your opponents are busy fighting over the flashy names, check out some of the targets available in the Government or Retail sectors. Both industries have a broad steady base of cybercrime, so while the hacks and breaches do get spread out, there’s enough firepower that something is bound to come your way. Slow and steady wins the race.

Government Top Targets

Retail Top Targets

3) Get a workhorse actor if you can

There’s a lot of actors out there, and many of them are flash-in-the-pan prospects: hot for a second, then quickly off the radar. Just take a look at some of the players who cracked the top 25 in Social Media like @Official_SEA16. They seem like hot pick if you can’t get the official “Syrian Electronic Army,” but remember the injury factor. Twitter has roughed up the SEA 15 times previously. Who knows how long that handle will last.

Social Media top actors

Best to go with a proven work horse like AnonGhost or Mauritania Attacker who will be in it for the long haul. There’s a lot of actors, so dig through each industry and study up.

4) Rounding out your team with Practice

It’s important to remember practice (right, Iverson?), but there’s so many different approaches in the cybercrime world. Let’s take a look at the Financials sector:

Financials top practices

Amateurs may jump on practices like DDoS and malware thinking they’re top dogs, but look at return on investment. The Zeus trojan has scored plenty of big hits. And advanced persistent threat? Sure, it isn’t as pervasive and scoring on a day-to-day basis, but when it does hit, it hits big. Some go for the safe approach, but if you play for the big score and land it, you may find yourself winning the cybercrime league.

5) The key strategy — Choosing a philosophy

Different industries tend to favor different philosophies. Government leans strongly towards hacktivism for example. But take a look at Telecom:

Telecom actor breakdown

If you find yourself with an industry like this, the choice isn’t so clear cut. Your team may lean hacktivst or it may lean towards individual. Some even go out on a limb and try to build a team around state-sponsored or organized crime. The important thing is that you stick to your identity and weigh the pros and cons. Individual gives you much more freedom in how to push the team, but something like state-sponsored gives much more resources.

6) And let’s not forget the most important element — the effect

With all the talk about cybercrime actors and targets and how everyone is perpetrating these actions, it’s easy to forget the effect it has on everyone. Let’s look more closely at one sector, Government, to get a better idea of our choices:

government effects

Generally you’re trying to steal data, steal money, promote a cause, or just get some laughs. Money is usually the top prize, but don’t overlook the potential of a targeted campaign that steals valuable intellectual property. And as actors like the Syrian Electronic Army have discovered, delivering some basic vandalism or account hijacking can go a long way if you can get it caught in the media echo chamber and amplified.

That’s it. Best of luck on getting a proper cybercrime team. As always, we have tons of data and are refining it daily, so if there’s something in particular you’d like to see, shoot us an email: