Skip to Main Content
Have library access? Log in through your library
Markets for Cybercrime Tools and Stolen Data

Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar

Lillian Ablon
Martin C. Libicki
Andrea A. Golay
Copyright Date: 2014
Published by: RAND Corporation
  • Cite this Item
  • Book Info
    Markets for Cybercrime Tools and Stolen Data
    Book Description:

    Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets. This report characterizes these markets and how they have grown into their current state to provide insight into how their existence can harm the information security environment. Understanding these markets lays the groundwork for exploring options to minimize their potentially harmful influence.

    eISBN: 978-0-8330-8574-0
    Subjects: Technology, Health Sciences

Table of Contents

  1. Front Matter
    (pp. i-ii)
  2. Preface
    (pp. iii-iv)
  3. Table of Contents
    (pp. v-vi)
  4. Figures and Tables
    (pp. vii-viii)
  5. Summary
    (pp. ix-xii)
  6. Acknowledgments
    (pp. xiii-xiv)
  7. Abbreviations
    (pp. xv-xvi)
  8. CHAPTER ONE Introduction and Research Methodology
    (pp. 1-2)

    Markets tend to make activities more efficient, whether such activities are laudable or criminal (or, at least, subterranean). The world of hacking can be seen as a market: Buyers seek the best price; sellers ply their wares or skills to make the most profit. This scenario is subject to typical market forces, with prices rising when demand is high and falling when it is low. Over time, good products squeeze out bad ones, and high-quality brands can command premium prices. Mergers and acquisitions occur, and deals get made between market participants who know and trust each other. Innovation is constant,...

  9. CHAPTER TWO Characteristics of the Black Market
    (pp. 3-20)

    Black markets emerged as it became increasingly obvious that a lot of money could be made for relatively low investment. The growth of the Internet allowed like-minded individuals to find each other and connect more easily, providing easier access to tools and weapons, as well as to more targets. Barriers to entry were low for those with appropriate access and vetting. The risk was also low (compared with other criminal markets), at least initially, because law enforcement was ill equipped to track it (although they are increasingly getting more effective). The slow adaptation of law to the demands of cyberspace...

  10. CHAPTER THREE The Black Market and Botnets
    (pp. 21-24)

    From the mid-2000s through today, botnets have been one of the largest enablers of cybercrime. Not surprisingly, their presence and offerings are significant on the black market. In this chapter, we provide a focused look at botnets and their role in the black market. Figure 3.1 provides an overview timeline.

    Botnets started gaining ground in the market in 2003–2004, when they were used mainly for spamming. Botnets originally operated on IRC and could be taken down by shutting down the IRC server. Nevertheless, the number of botnet variants doubled between 2004 and 2005, when the source code and a...

  11. CHAPTER FOUR Zero-Day Vulnerabilities in the Black and Gray Markets
    (pp. 25-28)

    Zero-day vulnerabilities (“zero-day exploits”, or just “zero-days”) are exploitable vulnerabilities that a software vendor is not aware of and for which no patch has been created. Zero-days are thus desirable for hackers, because everyone is vulnerable to exploitation. This, combined with zero-days being difficult to find and difficult to develop an exploit for, makes them pricy. Zero-days are most often thought to be used for corporate espionage, or highly targeted attacks where the only entry is through a zero-day.

    Zero-days are not as prevalent as some might advertise, but theyarebought and sold on the black market, if one...

  12. CHAPTER FIVE Are Hacker Black Markets Mature?
    (pp. 29-30)

    Market maturity can be understood in several ways:

    sophistication: The market changes and adapts to the current needs.

    reliability and integrity: People and products are what they say they are, and do what they say they do.

    accessibility: There is a low cost of entry, and it is relatively easy to get involved, especially in the lower-access tiers—and, once vetted, in the higher-access tiers.

    specialization: There are distinct and customized products, places, and participant roles and division of labor.

    resilience: External events do not affect the market—or, if they do, the market bounces back.

    Table 5.1 is our...

  13. CHAPTER SIX Projections and Predictions for the Black Market
    (pp. 31-38)

    Maturity did not come automatically or easily to the black market. It took more than a decade of continuous development and innovation, the introduction of new generations of digitally savvy participants, and significant trial and error to achieve today’s maturity. Figure 6.1 is a brief synopsis of the circumstances, events, status indicators, and trends of the black market. See Appendix A for more detail.

    While our experts agreed on many trends for the future, they differed on others. We first cover those that garnered consensus.

    There will be more activity in darknets, more checking and vetting of participants, more use...

  14. CHAPTER SEVEN Conclusions
    (pp. 39-40)

    Since the mid-2000s, the hacking community has been steadily growing and maturing, as has its market. It took more than a decade of continuous development and innovation, the introduction of new generations of digitally savvy participants, and significant trial and error to achieve today’s landscape. The black market does not differ all that much from a traditional market or other typical criminal enterprises; participants communicate through various channels, place their orders, and get products. Its evolution mirrors the normal evolution of a free market with both innovation and growth. The black market can be more profitable than the illegal drug...

  15. CHAPTER EIGHT For Future Research
    (pp. 41-42)

    The deleterious effects of black markets on cybersecurity suggest the need for options in suppressing such market activity, without which very little is likely to change. Such a search would raise several questions:

    How might bug bounty programs or better pay and incentives from legitimate companies shift transactions and talent off the illicit markets into legitimate business operations?

    What are the costs and benefits of establishing fake credit card shops, fake forums, and sites to increase the number and quality of arrests, and otherwise tarnish the reputation of black markets?

    What benefit might there be by hacking back, or including...

  16. APPENDIX A Text of the Black Market Timeline
    (pp. 43-46)
  17. APPENDIX B Glossary
    (pp. 47-52)
  18. Bibliography
    (pp. 53-66)