Hackonomics: A First-of-Its-Kind Economic Analysis of the Cyber Black Markets
Mar 24, 2014
The world of cybercrime is deep, complex, and, according to a new report released today from the RAND Corporation, has become a fully developed market economy.
While previous studies have attempted to quantify the impact of the hacker black markets in dollar amounts, the Juniper Networks -sponsored report, “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar,” provides a never-before-seen look at the hacker black market. Included is an analysis of the economic structure and maturity, and the implications thereof to business and government organizations worldwide.
Some of the key findings include:
Economic Maturity: The hacker black market mirrors that of other free markets in both evolution and growth. RAND found five key indicators of economic maturity, including sophistication, specialization, accessibility, reliability and resilience.
More Profitable than Drug Trade: RAND’s report suggests the cyber black markets are a maturing, multi-billion-dollar economy, with robust infrastructure and social organization. In fact, RAND found the black market can be more profitable than the illegal drug trade. The links to end-users on the black market are more direct and worldwide distribution, being electronic, is trivial.
Rise of Twitter: In any traditional market, the yield or scarcity of a product influences its price. RAND found product prices on the illicit market are no different. Traditionally, credit card information was the currency of the black market, demanding high prices, ranging from $20-$40. However, high-profile breaches have created a recent influx of available credit card data. As a result, the scarcity and value of the stolen credit card information is decreasing. At the same time, social media and other online accounts are increasing in value due to scarcity on the market and a greater payoff for cyber criminals. RAND found hacking into accounts like Twitter can generate per-account revenues of $16 to $325+ depending on the account type.
Implications for Those Defending: One of the most disturbing and surprising findings from RAND is the increasingly rapid maturity of the market. RAND believes the ability to attack will outpace the ability for companies to defend. Juniper believes we must change the economics of hacking. Using forms of Active Defense like intrusion deception to actively identify, disrupt and frustrate attackers is a very promising approach.
Juniper believes one way to think of the hacker economy is less as a cyber-underground and more of a thriving metropolitan city with diverse communities, industries and interactions. Follow us through Juniper's metropolis to view the workings of a mature black market found in the report.