Matthew T Grant

What got me thinking about this was a story about black tar heroin in the LA Times back in February. The sub-headline read, “Sugar cane farmers from a tiny Mexican county use savvy marketing and low prices to push black-tar heroin in the United States.”

The specifically savvy marketing in this case involved putting a premium on customer service (being willing to deliver even relatively small amounts), customer satisfaction (they called to check on quality), customer referral programs (discounts if you bring in new customers), etc.

Oddly enough, just prior to learning of this underground marketing success story I had written about the marketing techniques of the botnet masters. And then, soon thereafter, I heard an episode of OnPoint focused on Bernie Madoff and one of the guests, Frank Casey said, “We understood the ‘game’ of exclusivity and we understood that was his marketing concept.”

In other words, I’ve come to realize that no matter how much people malign marketing, they cannot deny its critical role in every kind of business success. The reality of the value marketing brings to any enterprise, far from being difficult to demonstrate, is in fact undeniable.

As proof of this contention, I submit the fact that “marketing” is a recognizable function in the dark allies and backrooms of underground economies, where many conventions of the above-ground economy – signage, agencies of record, HR- are eschewed in the name of fugitive efficiency.

Interestingly enough, and more as an aside, Frank Casey also points out that, in addition to his marketing concept, Madoff’s scheme relied on a sales (or at least a business development) function. As Casey puts it, “There was always somebody in the middle that was willing to make money feeding victims into the monster.”

Ouch!

Image Courtesy of indfusion.

Did you know? “[Infected] URLs have really and truly become the most dangerous force in the world of cybercrime.”

Well guess what? One method used for corrupting them is called “SQL Injection.”

I learned about SQL Injection while exploring the weird world of botnets: vast networks of “zombie” computers used to produce spam (“90 percent of all e-mail worldwide is now spam“) and steal information from people. Turns out computers are enlisted into these vast zombie armies via websites that have been infected with malware (sometimes called “badware“) using technique’s like SQL Injection.

(On the continued use of this rather mature hacking method, Matt Hines wrote, “Once again we’re seeing that when it comes to online malware and data theft, attackers seem to have little motivation to create altogether new breeds of assaults, as well-known practices such as SQL injection remain so effective.”)

I did not realize that there were people on Earth known as botnet masters (as in the phrase “the topologies used today by botnet masters“). Nor did I realize that there are competing botnet developer kits and that descriptions of them, such as this one from Damballa‘s Gunter Ollman, read surprisingly like rather typical techie on-line reviews:

Zeus is an interesting DIY malware construction kit. Over the years it has added to its versatility and developed in to an open platform for third-party tool integration – depending upon the type of fraud or cybercrime the botnet master is most interested in. Along the way, many malware developers have tweaked the Zeus kit and offer specialized (and competing) major versions of the DIY suite (for sale). As such, the “Zeus” kit has morphed and isn’t really even a single kit any more. You can find Zeus construction kits retailing between $400-$700 for the latest versions – dropping to “free” within a couple of months as pirated versions start circulating Torrent feeds.

I think I understand how the sales process works for these kits (which go for between $400-$700). What I don’t understand is how the marketing function works for them.

For example, is there a hard division between sales and marketing in these organizations? Do the kits have product managers? What kind of market research leads to the final decision to go with this or that set of features? Is there after-sale support or is that all community based? And so on.

Can anybody out there give me some answers (without, you know, assimilating me into a botnet)?

BTW: The botnet masters have found a novel business benefit for social media: they use it to avoid detection. Marketers take note.