Study supports economic approach to tackling cybercrime

Cybercrime black markets have reached unprecedented levels of maturity and growth, a study reveals

Cybercrime black markets have reached unprecedented levels of maturity and growth, a study has revealed.

These markets have reached significant levels of economic sophistication, reliability and accessibility, according to a report by non-profit research organisation RAND Corporation.

The study commissioned by Juniper Networks also found these markets demonstrate significant resilience in the products, distribution channels and actors involved.

The report claims to examine for the first time these markets in their entirety and applies economic analysis to better understand how they function.

The study suggests the cyber black markets are a mature and growing multi-billion-dollar economy with a robust infrastructure and social organisation.

RAND found these black markets, like any other economy, react to market forces, such as supply and demand, and continue to evolve.

Researchers found that, like other forms of ecommerce, data records, exploit kits and goods are bought and sold from storefronts that range from chat channels and forums to sophisticated online stores.

RAND found some organisations can reach up to 80,000 people, with a global footprint that brings in hundreds of millions of dollars.

Goods and criminal services are on offer with cyber criminal tools sold as traditional software or leased like any other managed service.

This approach enables the most unskilled hackers to make advanced attacks using botnets to launch distributed denial of service (DDoS) attacks, which are available for as little as $50 for a 24-hour attack.

RAND found it takes connections and relationships to move up the food chain, much like a legitimate business, with those at the top taking the lion’s share of the money.

Researchers found many parts of the cyber black market are well structured, policed and have rules like a constitution. Those who scam others are regularly banned or otherwise pushed off the market.

There are also widely available tools and resources on the black markets that teach criminals how to hack, including instructions for exploit kits and where to buy credit cards.

This access to training has accelerated sophistication and has helped facilitate entry into the hacker economy, the report said.

Transactions in the cyber black markets are often made using digital currencies including Bitcoin, Pecunix, AlertPay, PPcoin, Litecoin, Feathercoin, and Bitcoin extensions such as Zerocoin.

RAND found many criminal sites are starting to accept only digital crypto currencies due to their anonymity and security characteristics.

The report, “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar,” is based on in-depth interviews conducted by RAND between October and December 2013, with global experts including academics, security researchers, reporters, security suppliers and law enforcement officers.

Defending against cybercrime markets

“The security industry, government and legal communities must come together to establish new norms for how companies can vigorously defend themselves against cyber-attacks,” said Nawaf Bitar, senior vice-president and general manager, security business, Juniper Networks.

“We must address the root cause behind the accelerated maturation of the cyber-crime market – the economics that drive its success.

“By disrupting the economics of hacking, we can break the value chains that drive successful attacks, and by using forms of active defense such as intrusion deception we can identify, thwart and frustrate attackers,” he said.

Bitar believes “active defence” is a promising approach for addressing the rapidly evolving threat landscape.

Microsoft’s Digital Crimes Unit (DCU) has pioneered disruption of cyber-criminal infrastructure as a strategy for shutting down botnets as quickly as possible and identifying victims.

Taking down the Waledac botnet of hijacked computers in February 2010 was a proof-of-concept strategy that Microsoft and its partners continue to use.

In 2014, Microsoft plans to expand its botnet disruption strategy beyond the US through public-private partnerships (PPPs) in Europe and other regions of the world.

Charles Sweeney, chief executive of security firm Bloxx said the report smashes the misconception that hackers are amateurs, simply out to have a bit of fun.

“The report brings home the harsh reality by demonstrating just how well organised and connected cyber criminals are.

“They run their enterprises like high performing businesses, constantly innovating and looking for new exploits.

“Businesses absolutely cannot afford to be complacent because complacency is what fuels this underground online economy,” said Sweeney.

Recommendation of the report include exploring:

  • How computer security and defence companies could shift their approaches to thwarting attackers and attacks.
  • How bug bounty programmes or better pay and incentives from legitimate companies might shift transactions and talent off the illicit markets into legitimate business operations.
  • The costs and benefits of establishing fake credit card shops, fake forums, and sites to increase the number and quality of arrests, and tarnish the reputation of black markets.
  • Including an offensive component within law enforcement that denies, degrades, or disrupts black-market business operations.
  • How to apply lessons learned from the black market for drugs or arms merchants to the black market for cybercrime.
  • Whether it is more effective for law enforcement to go after the small number of top-tier operators or the lower- or open-tier participants.

Read more on Hackers and cybercrime prevention