To see is to believe...

In criminal investigations, the "CSI effect" has become a serious problem in the USA: Jurors are "corrupted," for example, by methods and timelines exemplified in popular crime series.

Now that there are also movies and series set in the "cyber" environment, this problem is also slowly spilling over into IT security.

Of course, it is impressive when "the good guys" "disintegrate" the enemy firewall with effective Trojan bombardment.

The password cracker, which tries out all passwords in ten minutes, or the anonymous Internet user, who can be effectively unmasked over several stations on a world map, are also not to be sneezed at.

Light years from reality

Almost everything in film and television has to be visually appealing. And where this is not the case in reality, things are just made to look better.

Often beyond recognition: alleged "hackers," whether on the right or wrong side, are stereotypically portrayed as "nerds": either the chubby variety with black clothes and long hair - or aspen-faced, wearing a lumberjack shirt and black horn-rimmed glasses.

In both cases, however, coupled with the necessary criminal energy. But IT security today is neither visually spectacular nor simple.

In many cases, it is simply boring for outsiders. Criminal activities in cyberspace are also rarely carried out by technical and criminal geniuses.

On the contrary, as in "normal" industry, there is a clear division of tasks: those with the technical knowledge to create attack tools of any kind are not necessarily the ones who use them.
A very good description of the current situation is provided by the recently presented "Bundeslagebild Cybercrime 2014" of the Federal Criminal Police Office. This explicitly addresses the growth of cybercrime as a service: Criminal clients can use it to carry out IT attacks without needing technical knowledge or infrastructure themselves.

While the cybercriminal underground has already undergone its own industrial revolution in the past (work processes characterized by a strong division of labor and optimization), it has now arrived at a service society.

This conclusion is consistent with Trend Micro's observations. For years, we have been monitoring the cybercriminal underground in various regions, including North and South America, Africa, Asia, and Russia.

Not only the actors are of interest, but also the type of tools offered, services and their prices allow interesting conclusions to be drawn.

We have published the latest results on the Russian underground in the study "The Russian Underground 2.0". It clearly shows that the Russian underground is currently the most professional and advanced market. On the one hand, there are highly specialized tools and techniques.

But even without a technical background, there is a wide range of services on the other side.

So there's something for everyone - whether tech-savvy or "just" criminal. So reality stands in contrast to fiction. You don't need a technical and/or criminal genius.

The criminal energy and the necessary small change to buy a service do the trick. And the technical expertise is already included here.

The cyberspace exemplified in film and television is visually imposing - and as long as we don't forget that this is far removed from any reality, there is nothing to prevent a relaxed movie experience.