Once the domain of hackers, cybercrime is now becoming a business. Instead of bragging rights, the new goal is making money. With the growing popularity of software-as-a-service (SaaS), the entry of the shadier side of the computing world into this arena hardly comes as a surprise. Three stages mark the development of 'crimeware as a service' (CaaS). Online sales of such personal information as credit card numbers and e-mail addresses came first, followed by selling information and software kits designed to exploit computer system weaknesses. More recently, online outlaws have created 'botnets,' groups of hijacked computers whose malicious software can be activated remotely and used to flood websites with spam and bogus requests. Just as with any SaaS product, these commercial hacking services can be rented out and paid for via a web browser. And just as SaaS enables companies to rely less on in-house technicians, the criminal equivalent means that online miscreants no longer need to be hackers. Costs vary from a few cents per targeted machine to about $1,000 or more per month. This market is expected to expand, but there may yet be a limit to the CaaS business market. Potential users may be discouraged by the fact that CaaS providers still must advertise and thus could attract the attention of the authorities. Still, CaaS proves that anything that is computerized will, at some point, be offered as an online service.