Black Markets for Hackers Are Increasingly Sophisticated, Specialized, and Maturing

Markets for Cybercrime Tools and Stolen Data

Hackers' Bazaar

Research Questions

  1. What are the fundamental characteristics of black and gray markets for hackers?
  2. How did they grow into their current state? What direction do they appear to be heading?
  3. How can the existence of these markets harm the information security environment?

Abstract

Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets for both tools (e.g., exploit kits) and take (e.g., credit card information). This report, part of a multiphase study on the future security environment, describes the fundamental characteristics of these markets and how they have grown into their current state to explain how their existence can harm the information security environment. Understanding the current and predicted landscape for these markets lays the groundwork for follow-on exploration of options to minimize the potentially harmful influence these markets impart. Experts agree that the coming years will bring more activity in darknets, more use of crypto-currencies, greater anonymity capabilities in malware, and more attention to encrypting and protecting communications and transactions; that the ability to stage cyberattacks will likely outpace the ability to defend against them; that crime will increasingly have a networked or cyber component, creating a wider range of opportunities for black markets; and that there will be more hacking for hire, as-a-service offerings, and brokers. Experts disagree, however, on who will be most affected by the growth of the black market (e.g., small or large businesses, individuals), what products will be on the rise (e.g., fungible goods, such as data records and credit card information; non-fungible goods, such as intellectual property), or which types of attacks will be most prevalent (e.g., persistent, targeted attacks; opportunistic, mass "smash-and-grab" attacks).

Key Findings

The Hacking Community and Cyber Black Markets Are Growing and Maturing

  • The cyber black market has evolved from a varied landscape of discrete, ad hoc individuals into a network of highly organized groups, often connected with traditional crime groups (e.g., drug cartels, mafias, terrorist cells) and nation-states.
  • The cyber black market does not differ much from a traditional market or other typical criminal enterprises; participants communicate through various channels, place their orders, and get products.
  • Its evolution mirrors the normal evolution of markets with both innovation and growth.
  • For many, the cyber black market can be more profitable than the illegal drug trade.

These Cyber Black Markets Respond to Outside Forces

  • As suspicion and "paranoia" spike because of an increase in recent takedowns, more transactions move to darknets; stronger vetting takes place; and greater encryption, obfuscation, and anonymization techniques are employed, restricting access to the most sophisticated parts of the black market.
  • The proliferation of as-a-service and point-and-click interfaces lowers the cost to enter the market.
  • Law enforcement efforts are improving as more individuals are technologically savvy; suspects are going after bigger targets, and thus are attracting more attention; and more crimes involve a digital component, giving law enforcement more opportunities to encounter crime in cyberspace.
  • Still, the cyber black market remains resilient and is growing at an accelerated pace, continually getting more creative and innovative as defenses get stronger, law enforcement gets more sophisticated, and new exploitable technologies and connections appear in the world.
  • Products can be highly customized, and players tend to be extremely specialized.

Recommendations

  • Explore how computer security and defense companies could shift their approaches to thwarting attackers and attacks.
  • Explore how bug bounty programs or better pay and incentives from legitimate companies might shift transactions and talent off the illicit markets into legitimate business operations.
  • Explore the costs and benefits of establishing fake credit card shops, fake forums, and sites to increase the number and quality of arrests, and otherwise tarnish the reputation of black markets.
  • Explore the ramifications of hacking back, or including an offensive component within law enforcement that denies, degrades, or disrupts black-market business operations.
  • Explore the options for banks or merchants to buy back their customers' stolen data.
  • Explore whether implementing mandates for encryption on point-of-sale terminals, safer and stronger storage of passwords and user credentials, worldwide implementation of chips and PINs, and regular checks of websites to prevent common vulnerabilities could put a dent in the black market or enforce significant changes to how the market operates.
  • Explore how to apply lessons learned from the black market for drugs or arms merchants to the black market for cybercrime.
  • Determine whether it is more effective for law enforcement to go after the small number of top-tier operators or the lower- or open-tier participants.
  • Examine whether governments and law enforcement worldwide could work together to prosecute and extradite when appropriate, and coordinate for physical arrests and indictments.

Table of Contents

  • Chapter One: Introduction and Research Methodology
  • Chapter Two: Characteristics of the Black Market
  • Chapter Three: The Black Market and Botnets
  • Chapter Four: Zero-Day Vulnerabilities in the Black and Gray Markets
  • Chapter Five: Are Hacker Black Markets Mature?
  • Chapter Six: Projections and Predictions for the Black Market
  • Chapter Seven: Conclusions
  • Chapter Eight: For Future Research
  • Appendix A: Text of the Black Market Timeline
  • Appendix B: Glossary

The research described in this report was sponsored by Juniper Networks and conducted within the Acquisition and Technology Policy Center of the RAND National Security Research Division.

This report is part of the RAND Corporation research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

Permission is given to duplicate this electronic document for personal use only, as long as it is unaltered and complete. Copies may not be duplicated for commercial purposes. Unauthorized posting of RAND PDFs to a non-RAND Web site is prohibited. RAND PDFs are protected under copyright law. For information on reprint and linking permissions, please visit the RAND Permissions page.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.
