Study Shows Cybercrime Part of Sophisticated Underground Economy

Cybercrime has grown in sophistication, evolving from a world of rogue individuals to a functioning market-based economy with its ups and downs, code of conduct and innovation, suggests a study commissioned by security firm Juniper Networks.

Researched by the non-profit Rand Corporation, the study finds that today’s cyber black market has developed into a network of highly organised groups, often connected with traditional crime groups such as drug cartels, mafias, terrorist cells and also nation-states.

Among the study’s other findings:

  • The cyber black market does not differ much from a traditional market or other typical criminal enterprises; participants communicate through various channels, place their orders, and get products.
  • Its evolution mirrors the normal evolution of markets with both innovation and growth.
  • For many, the cyber black market can be more profitable than the illegal drug trade.

The evolution of cybercrime creates new challenges for security professionals trying to protect computer networks, says Nawaf Bitar, Juniper’s general manager for security.

“We have long suspected that cybercriminals were sophisticated and that they had an organisational structure, but no one had studied this,” said Bitar. “The success of this market is driven by accelerated economics, and the way to address this is through economics.”

Juniper’s security vice president Michael Callahan adds that the cyber underground shares similar characteristics to an economy, including its own currencies – chiefly cryptographic payment forms such as Bitcoin. It is characterised by specialisation and resilience, so that if one market participant leaves another steps up.

Callahan cites as a recent example the demise of the black market bazaar Silk Road went down, which was being replaced within a day by other participants.

The study suggests that about 30% of the sellers of financial data are ‘rippers, who fail to deliver promised goods or services. Abuses typically occur in the lower levels of the black market that are easiest to access, although rippers “tend to get reported and then often quickly removed.”

The study found these markets span the globe from China to Eastern Europe to Latin America, with many US-based players and “more cross-pollination between these cybercriminals than ever before.”

The cybercrime world features ‘storefronts’ similar to other forms of electronic commerce (e-commerce), with hacker tools and services traded. For those who lack technical savvy, new services are offered. Rand found on offer a distributed denial of service (DDoS) attack – in which hackers overwhelm a server to interrupt access – at only US$50 for a 24-hour attack.


Related reading