April 1, 2014
Brad Chacos on pcworld.com defined Darknets as “small niches of the ‘Deep Web,’ which is itself a catch-all term for the assorted net-connected stuff that isn’t discoverable by the major search engines.” It’s a “hidden underbelly, home to both rogues and political activists… accessed only with the help of specially designed anonymizing software. It’s a secretive place [and] a dangerous place, where a lot of illicit, underground nastiness occurs.”
A new study, “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar” by the RAND Corporation, a research organization that develops solutions to public policy challenges, illuminates the murky world of Darknets and black market deals for both tools such as exploit kits and the booty that’s been plundered by cyberthieves, such as personal information from credit cards.
Interviews were conducted with more than two dozen cybersecurity experts including academics, researchers, reporters, security vendors and law enforcement officials.
Michael Callahan of Juniper Networks, which funded the study, was surprised to learn that “information that traditionally fetched a high price on the black market is decreasing in value, making way for new, high-priced items.
“Traditionally, credit card information was the currency of the black market. It demanded a high price, ranging from $20-$40 on average. However, high-profile breaches have created a recent influx of available credit card data online. As a result the scarcity and value of the stolen information is decreasing. During a large credit card breach, the market becomes flooded with data causing prices to drop from $20 per record to $0.75 per record in a short amount of time.
“Social media and other online accounts are now becoming more valuable. Although prices range widely, RAND found hacked accounts can be worth anywhere from $16 to $325+ depending on the account type.”
Experts agreed that the future held more activity in Darknets including more use of crypto-currencies, malware with improved anonymity, and more attention to encryption for protecting communications and transactions. They also agreed that cyberattacks would probably outpace the ability to defend against them and that there would be more hacking for hire as-a-service.
The same experts disagreed on who would be most affected by the growth of the black market. Would it be small businesses, large businesses or individuals? And they disagreed on what commodities would be the most sought after — data records and credit card information or intellectual property. There was also disagreement on which types of attacks would be most prevalent: persistent targeted attacks, or opportunistic or mass “smash-and-grabs.”
Key Findings of the study:
• The cyber black market has evolved from a varied landscape of discrete, ad hoc individuals into a network of highly organized groups, often connected with traditional crime groups (e.g., drug cartels, mafias, terrorist cells) and nation-states.
• The cyber black market does not differ much from a traditional market or other typical criminal enterprises; participants communicate through various channels, place their orders, and get products.
• Its evolution mirrors the normal evolution of markets with both innovation and growth.
• For many, the cyber black market can be more profitable than the illegal drug trade.
The cyber black market responds to external forces as does the traditional marketplace:
• As suspicion and “paranoia” spike because of an increase in recent takedowns by law enforcement, more transactions move to Darknets; stronger vetting takes place; and greater encryption, obfuscation, and anonymization techniques are employed, restricting access to the most sophisticated parts of the black market.
• The proliferation of as-a-service and point-and-click interfaces lowers the cost to enter the black market.
• Law enforcement efforts are improving as more law enforcement personnel become technologically savvy. Suspects are going after bigger targets, and thus are attracting more attention. More crimes involve a digital component, giving law enforcement more opportunity to encounter crime in cyberspace.
• Still, the cyber black market remains resilient and is growing at an accelerated pace, continually getting more creative and innovative as defenses get stronger, law enforcement gets more sophisticated, and new exploitable technologies and connections appear in the world.
• Products can be highly customized, and players tend to be extremely specialized.
Study recommendations include exploring:
• How computer security and defense companies could shift their approaches to thwarting attackers and attacks.
• How bug bounty programs or better pay and incentives from legitimate companies might shift transactions and talent off the illicit markets into legitimate business operations.
• The costs and benefits of establishing fake credit card shops, fake forums, and sites to increase the number and quality of arrests, and otherwise tarnish the reputation of black markets.
• The ramifications of hacking back, or including an offensive component within law enforcement that denies, degrades, or disrupts black-market business operations.
• The options for banks or merchants to buy back their customers’ stolen data.
• Whether implementing mandates for encryption on point-of-sale terminals, safer and stronger storage of passwords and user credentials, worldwide implementation of chips and PINs, and regular checks of websites to prevent common vulnerabilities would put a dent in the black market, or enforce significant changes to how the market operates.
• How to apply lessons learned from the black market for drugs or arms merchants to the black market for cybercrime.
It also recommends:
• Determining whether it is more effective for law enforcement to go after the small number of top-tier operators or the lower- or open-tier participants.
• Examining whether governments and law enforcement worldwide could work together to prosecute and extradite cybercriminals including coordinating physical arrests and indictments.
“Hacking used to be an activity that was mainly carried out by individuals working alone, but over the last 15 years the world of hacking has become more organized and reliable,” said Lillian Ablon, lead author of the study and an information systems analyst at RAND. “In certain respects, cybercrime can be more lucrative and easier to carry out than the illegal drug trade.”
Posted by Dan Rampe