The Rand Corporation has published a report detailing the fundamental characteristics of black and gray cybercrime markets, explaining their evolution into the threat we see today, and illustrating how their very existence can harm the information security environment. The report boils down to two key findings:
- The community of cybercriminals is growing. Essentially, the Rand Corporation’s research revealed that the cyber black market is no longer made up of individual hackers working out of their basements. Rather, the market has evolved into a network of sophisticated and organized groups that are not only similar to, but often connected with, traditional organized crime groups, such as drug cartels and terrorist cells. Sometimes, too, as the report points out, the hacking organizations work in concert with nation-states. However, the cyber black market can be more dangerous than traditional organized crime because the cyber realm can be far more profitable than, for example, the illegal drug trade.
- The black markets of cybercrime are responsive to outside forces. Here, there is good news and bad news. The good news? Many recent law enforcement efforts to take down members of the hacking community have been successful. The bad news, however, is that the organizations are responding to these efforts by intensifying their vetting processes, moving to darknets, and upping their encryption, obfuscation, and anonymization game. And here’s more bad news—it’s a resilient market. “The [cybercrime] market bounces back after a takedown or arrest. Finding comparable replacements for market leaders like the Blackhole Exploit Kit or the Silk Road may take a few iterations, but substitutes appear almost immediately as competing forums constantly vie for market share.” Just as infections become resistant to drugs, the black market finds new ways to resist cyber defensive measures. And the buy-in to the market is lowered by the proliferation of as-a-service and point-and-click interfaces, as the report further explains.
The Rand Corporation offers several interesting recommendations for further research and consideration. Here I bring to your attention only a few to which I was particularly drawn:
- “Explore the ramifications of hacking back”;
- “Explore the options for banks or merchants to buy back their customers’ stolen data”;
- “Explore the effects of implementing mandates for encryption on point-of-sale terminals, safer and stronger storage of passwords and user credentials, worldwide implementation of chips and PINs, and regular checks of websites to prevent common vulnerabilities to put a dent in the black market, or enforce significant changes to how the market operates”;
- “Determine whether it is more effective for law enforcement to go after the small number of top-tier operators or the lower- or open-tier participants”;
and, finally,
- “Examine whether governments and law enforcement worldwide could work together to persecute and extradite when appropriate, and coordinate for physical arrests and indictments.”
Here’s a summary of the report and here’s a link to the report itself.