Cyber black markets get upper hand

Cyber attackers now outgun defenders, according to a new report out today that looks at the multi-billion-dollar cyber criminal black economy and its infrastructure.

The way to defend against such an organised opponent is to hit their economic viability, increase the effort and expense of exfiltrating valuable data, IP and cash, and increase the likelihood of criminals getting caught, says the report ‘Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar’ by Rand Corporation for Juniper Networks.

Mark Quartermaine, vice president UK and Ireland, Juniper Networks, told SCMagazineUK.com, “In the early days of hacking, 80 percent of hackers were solo operators; now it's 80 percent who are organised (within a community) with all the attributes of a mature economy, with robust infrastructure and social organisation.” This includes sophistication of tools, attacks and responsiveness to changes in the market; specialists focussing on particular ‘skills’; reliability of practitioners to deliver as promised; and accessibility with a low cost of entry.

Evolution of the cyber black markets mirrors that of other free markets, with both innovation and growth. Like a metropolis, the black market is described by Rand as a collection of skilled and unskilled suppliers, vendors, potential buyers, and intermediaries for goods or services surrounding digitally based crimes.

Storefronts range from instant messaging chat channels, forums and bulletin boards, to sophisticated stores (not unlike an Amazon.com).

Service Economy – Criminal services are available from the hacker economy.

Rule of Law – Many parts of the cyber black markets are well structured, policed and have rules, and those who scam others are regularly banned. As cybercriminals move up the chain, there is an extensive vetting process to participate.

Education and Training – Widely available tools and resources teach people how to hack, including YouTube videos and Google guides on topics such as exploit kits and where to buy credit cards.

Currencies – Transactions are often conducted by means of digital currencies. Bitcoin, Pecunix, AlertPay, PPcoin, Litecoin, Feathercoin, and Bitcoin extensions, such as Zerocoin, are discussed.

Diversification/specialisation – Cybercriminals from China, Latin America and Eastern Europe are typically known for quantity in malware attacks, while those from Russia tend to be thought of as the leader in quality. Many Vietnamese cybercriminals mainly focus on e-commerce hacks. Cybercriminals from Russia, Romania, Lithuania and Ukraine focus on financial institutions. Many Chinese cybercriminals specialise in intellectual property. And US-based cybercriminals primarily target US-based systems and financial systems.

Hierarchical Society – Getting to the top requires personal connections, but those at the top are making the lion's share of the money.

Criminals – The cyber black market has criminals of its own: those known as “rippers” do not provide the goods or services they claim.

Other observations include that:

The cyber black market is seen as more valuable than the drug trade, as the ‘product’ is so easy to transport internationally (unlike drugs) and the revenue is gathered more securely, with fewer intermediaries and far lower barriers to expansion.

UK credit card credentials are more valuable than American ones as, not being signature based thanks to Chip and PIN, they have a longer life and higher credit balances.

Twitter credentials are increasing in value as they provide access to PayPal etc.

Asked about the option of retaliation, Quartermaine told SCMagazineUK.com, “Juniper has chosen not to go down that route and prefers to enable actions that make it no longer economically viable. We are looking at how to disrupt the market, identify bad behaviour of hackers and guide them (attackers) to false data, false code. (Using our tools) We can be reasonably certain of identifying the actions of a bad actor whereas previously there may have been more false positives.”

Commenting on the findings, an unnamed spokesperson for the British Retail Consortium agreed on the need to tackle the growing menace of online fraud, telling SCMagazineUK.com, “Most fraud is now committed online and the majority of retailers suffered some form of cyber attack in 2012-13. There has to be a more effective, joined up law enforcement response to cyber crime. Retailers already invest considerable resources to protect their businesses and want to work with the National Crime Agency, police and others to help tackle the cyber threat.”

And it's not all gloom, as the report also notes how law enforcement agencies are getting more sophisticated in their defences. For organisations, there are active defence approaches like intrusion deception, which actively identify, disrupt and frustrate attackers and waste a criminal's time or make the exploit tools they purchased on the black market ineffective. Other options include inserting fake data as tar traps or hacking forums to flood the market and breed distrust among actors. Overall these measures may make your organisation less vulnerable, but they do not reduce the market; they just send the attackers to weaker targets.