In the world of information technology, there are many kinds of markets. Black markets, where illicit products are sold. Commercial markets, which we might call white markets. And grey markets, defined as:
…the trade of a commodity through distribution channels which, while legal, are unofficial, unauthorized, or unintended by the original manufacturer.
The recent RAND Corporation report, “Markets for Cybercrime Tools and Stolen Data; Hackers’ Bazaar,” talks about the maturing cybercrime black market, which is both fascinating and disturbing, especially given the size, scope, and aggressive nature of its participants. The report also calls out the notion of a grey market, particularly for zero-days, in which a “legitimate vulnerability market” supports the buying and selling of vulnerabilities. (Spoiler alert: This is already happening and it will create a new class of millionaires.)
We (the business world) have been too slow to associate a monitory value on digital assets in such a way that warrants protecting them. Think about it: Digital assets, or information of any sort, are not explicitly treated as assets on a balance sheet. They have no real value in the eyes of the owner. If we don’t treat information with the same care that we treat other corporate assets (buildings, equipment, cash and investments), and we can’t even articulate the value of a customer record, then naturally the cost of protecting that record will not become a point for discussion.
In any traditional market, the yield or scarcity of a product influences its price. A recent report from Juniper Networks and The RAND Corporation looked at the economic maturity of the cyber black market – and it found product prices in this illicit market are no different.
The world of cybercrime is deep, complex, and, according to a new report released today from the RAND Corporation, has become a fully developed market economy.
While previous studies have attempted to quantify the impact of the hacker black markets in dollar amounts, the Juniper Networks -sponsored report, “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar,” provides a never-before-seen look at the hacker black market. Included is an analysis of the economic structure and maturity, and the implications thereof to business and government organizations worldwide.
From the click-clack of the Enigma machine that stumped so many for so long to the Anonymous “Million Mask March” on the White House to protest against corporate and government corruption, we’ve assembled an illustrative timeline of the cyber world—and the crime that’s accompanied it. What’s clear is that the black markets that are supporting hackers have rapidly grown into mature economies that are greatly increasing the threats companies face. We’ve chronicled ecosystems, attacks, and products with the hope of offering you a bit of history you may not have known or thought about recently.