Wednesday, March 26, 2014

Black Market For Hackers Bigger And Badder Than Ever, May Surpass Illegal Drugs In Value

Black and gray markets for computer hacking tools, services and byproducts such as stolen credit card numbers continue to expand, creating an increasing threat to businesses, governments and individuals, according to a new RAND Corporation study.

According to the study: 
  • The cyber black market has evolved from a varied landscape of discrete, ad hoc individuals into a network of highly organized groups, often connected with traditional crime groups (e.g., drug cartels, mafias, terrorist cells) and nation-states.
  • The cyber black market does not differ much from a traditional market or other typical criminal enterprises; participants communicate through various channels, place their orders, and get products.
  • Its evolution mirrors the normal evolution of markets with both innovation and growth.
  • For many, the cyber black market can be more profitable than the illegal drug trade.
One dramatic example is the December 2013 breach of retail giant Target, in which data from approximately 40 million credit cards and 70 million user accounts was hijacked. Within days, that data appeared — available for purchase — on black market websites.

“Hacking used to be an activity that was mainly carried out by individuals working alone, but over the last 15 years the world of hacking has become more organized and reliable,” said Lillian Ablon, lead author of the study and an information systems analyst at RAND, a nonprofit research organization. “In certain respects, cybercrime can be more lucrative and easier to carry out than the illegal drug trade.”

The growth in cybercrime has been assisted by sophisticated and specialized markets that freely deal in the tools and the spoils of cybercrime. These include items such as exploit kits (software tools that can help create, distribute, and manage attacks on systems), botnets (a group of compromised computers remotely controlled by a central authority that can be used to send spam or flood websites), as-a-service models (hacking for hire) and the fruits of cybercrime, including stolen credit card numbers and compromised hosts.

In the wake of several highly-publicized arrests and an increase in the ability of law enforcement to take down some markets, access to many of these black markets has become more restricted, with cybercriminals vetting potential partners before offering access to the upper levels. That said, once in, there is very low barrier to entry to participate and profit, according to the report.

RAND researchers conducted more than two dozen interviews with cybersecurity and related experts, including academics, security researchers, news reporters, security vendors and law enforcement officials. The study outlines the characteristics of the cybercrime black markets, with additional consideration given to botnets and their role in the black market, and “zero-day” vulnerabilities (software bugs that are unknown to vendors and without a software patch). Researchers also examine various projections and predictions for how the black market may evolve.

What makes these black markets notable is their resilience and sophistication, Ablon said. Even as consumers and businesses have fortified their activities in reaction to security threats, cybercriminals have adapted. An increase in law enforcement arrests has resulted in hackers going after bigger targets. More and more crimes have a digital component.

The RAND study says there will be more activity in “darknets,” more checking and vetting of participants, more use of crypto-currencies such as Bitcoin, greater anonymity capabilities in malware, and more attention to encrypting and protecting communications and transactions. Helped by such markets, the ability to attack will likely outpace the ability to defend.

Internet Map
Credit: Wikipedia

Hyper-connectivity will create more points of presence for attack and exploitation so that crime increasingly will have a networked or cyber component, creating a wider range of opportunities for black markets. Exploitations of social networks and mobile devices will continue to grow. There will be more hacking-for-hire, as-a-service offerings and cybercrime brokers.

However, experts disagree on who will be the most affected by the growth of the black market, what products will be on the rise and which types of attacks will be more prevalent, Ablon said.

These Cyber Black Markets Respond to Outside Forces:
  • As suspicion and "paranoia" spike because of an increase in recent takedowns, more transactions move to darknets; stronger vetting takes place; and greater encryption, obfuscation, and anonymization techniques are employed, restricting access to the most sophisticated parts of the black market.
  • The proliferation of as-a-service and point-and-click interfaces lowers the cost to enter the market.
  • Law enforcement efforts are improving as more individuals are technologically savvy; suspects are going after bigger targets, and thus are attracting more attention; and more crimes involve a digital component, giving law enforcement more opportunities to encounter crime in cyberspace.
  • Still, the cyber black market remains resilient and is growing at an accelerated pace, continually getting more creative and innovative as defenses get stronger, law enforcement gets more sophisticated, and new exploitable technologies and connections appear in the world.
  • Products can be highly customized, and players tend to be extremely specialized.
The study, “Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar,” can be found at Other authors of the study are Martin Libicki and Andrea A. Golay.

Support for the study was provided by Juniper Networks as part of a multiphase study on the future cybersecurity environment.

The study was conducted within the Acquisition and Technology Policy Center of the RAND National Security Research Division. The division conducts research and analysis on defense and national security topics for the U.S. and allied defense, foreign policy, homeland security and intelligence communities and foundations and other nongovernmental organizations that support defense and national security analysis.

Contacts and sources:
Lisa M. Sodders
RAND Corporation


  1. Good job! Fruitful article. I like this very much. It is very useful for my research. It shows your interest in this topic very well. I hope you will post some more information about the software. Please keep sharing!!
    SEO Training in Chennai
    SEO Training in Bangalore
    SEO Training in Coimbatore
    SEO Training in Madurai
    SEO Course in Chennai
    SEO Course in Chennai
    SEO Course in Bangalore
    SEO Course in Coimbatore

  2. Great Article Cyber Security Projects projects for cse Networking Security Projects JavaScript Training in Chennai JavaScript Training in Chennai The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training