‘Hackers’ Bazaar’: The Growing Black Market for Cybercrime

Cyber attack The rise of the Internet has greatly impacted the lives of users around the world: items can be purchased and shipped internationally, loved-ones can be seen and spoken to from thousands of miles away, and messages can be sent instantaneously from just about anywhere. While the Internet offers these and many other benefits to its users, its dangers are also becoming more and more apparent. In a society that combines global capitalism with rapidly developing technology, the Internet has become a major hub for illicit activity, especially for hackers looking to steal user information and use it for monetary gain. According to a recently released RAND report, a new type of black market is now facilitating this phenomenon: virtual “black and gray markets for hacking tools, hacking services, and the fruits of hacking.”

According to the report, there has been a “steady increase” in black market demand for and availability of hacking goods and services since the early 2000s. Goods and services offered on the black market include stolen records and intellectual property (i.e. credit card and other personal banking information), exploit kits (which include botnets and DDoS [Distributed Denial of Service] technology), and zero-day vulnerabilities. Online tutorials on hacking for “technical novices” are also becoming prevalent as the black market becomes more lucrative. The report stresses that the continued sale of these goods and services poses a grave threat to the security of American citizens and U.S. critical infrastructure alike.

So, how well is law enforcement able to protect against the trafficking of these goods and services? The report implies not well enough. It states that the “hacker economy” has proven to be resilient; studies show that substitutions for certain “market leaders”, such as the Blackhole Exploit Kit or the Silk Road, can appear almost immediately after a takedown or arrest, leaving law enforcement efforts right back where they started. The report maintains that more options to “suppress such market activity” are needed to mitigate the harmful effects of black markets on cybersecurity.

Article formerly posted at https://www.hsdl.org/blog/newpost/view/s_5057