Skip to main content

Black Markets for Hackers Are Increasingly Sophisticated, Specialized and Maturing

By
Black and gray markets for computer hacking tools, services and byproducts such as stolen credit card numbers continue to expand, creating an increasing threat to businesses, governments and individuals, according to a new RAND Corporation study.
One dramatic example is the December 2013 breach of retail giant Target, in which data from approximately 40 million credit cards and 70 million user accounts was hijacked. Within days, that data appeared — available for purchase — on black market websites.
“Hacking used to be an activity that was mainly carried out by individuals working alone, but over the last 15 years the world of hacking has become more organized and reliable,” said Lillian Ablon, lead author of the study and an information systems analyst at RAND, a nonprofit research organization. “In certain respects, cybercrime can be more lucrative and easier to carry out than the illegal drug trade.”
The growth in cybercrime has been assisted by sophisticated and specialized markets that freely deal in the tools and the spoils of cybercrime. These include items such as exploit kits (software tools that can help create, distribute, and manage attacks on systems), botnets (a group of compromised computers remotely controlled by a central authority that can be used to send spam or flood websites), as-a-service models (hacking for hire) and the fruits of cybercrime, including stolen credit card numbers and compromised hosts.
In the wake of several highly-publicized arrests and an increase in the ability of law enforcement to take down some markets, access to many of these black markets has become more restricted, with cybercriminals vetting potential partners before offering access to the upper levels. That said, once in, there is very low barrier to entry to participate and profit, according to the report.
RAND researchers conducted more than two dozen interviews with cybersecurity and related experts, including academics, security researchers, news reporters, security vendors and law enforcement officials. The study outlines the characteristics of the cybercrime black markets, with additional consideration given to botnets and their role in the black market, and “zero-day” vulnerabilities (software bugs that are unknown to vendors and without a software patch). Researchers also examine various projections and predictions for how the black market may evolve.
What makes these black markets notable is their resilience and sophistication, Ablon said. Even as consumers and businesses have fortified their activities in reaction to security threats, cybercriminals have adapted. An increase in law enforcement arrests has resulted in hackers going after bigger targets. More and more crimes have a digital component.
The RAND study says there will be more activity in “darknets,” more checking and vetting of participants, more use of crypto-currencies such as Bitcoin, greater anonymity capabilities in malware, and more attention to encrypting and protecting communications and transactions. Helped by such markets, the ability to attack will likely outpace the ability to defend.
Hyper-connectivity will create more points of presence for attack and exploitation so that crime increasingly will have a networked or cyber component, creating a wider range of opportunities for black markets. Exploitations of social networks and mobile devices will continue to grow. There will be more hacking-for-hire, as-a-service offerings and cybercrime brokers.
However, experts disagree on who will be the most affected by the growth of the black market, what products will be on the rise and which types of attacks will be more prevalent, Ablon said.
The study, “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar,” can be found at www.rand.org. Other authors of the study are Martin Libicki and Andrea A. Golay.
Support for the study was provided by Juniper Networks as part of a multiphase study on the future cybersecurity environment.
The study was conducted within the Acquisition and Technology Policy Center of the RAND National Security Research Division. The division conducts research and analysis on defense and national security topics for the U.S. and allied defense, foreign policy, homeland security and intelligence communities and foundations and other nongovernmental organizations that support defense and national security analysis.
The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. This article was originally published at the RAND Corportation.
Labels:

Comments

Post a Comment

Popular posts from this blog

structured programming

By
INTRODUCTION TO PROGRAMMING Definitions Computer programming is the aspect of translation of user’s ideas in to a form that can be understood by the computer by the use of an acceptable tool called computer programming language. A computer program is a set of coded instructions for the computer to obey and process data. Programming language is set of instructions or a tool used for writing computer programs. NB the purpose of computer programming is to solve the users needs i.e. developing instructions for the computer with the aim of solving a particular user problem. This enables the computer to accept and manipulate data and print results automatically. Development of computer programming languages. Introduction Primary function of programming languages is to provide instructions to the computer system so that it can perform a processing activity. Each programming language uses a set of symbols that have special meaning. Each language has its own rules called ...
1 comment
Read more

OMG!! This was terrible...NORTH RIFT SHUTTLE ACCIDENT....[PHOTOS]

By
Eleven people perished on the spot Thursday morning when a Nairobi bound matatu collided head-on with a truck at Quarry area along the Nakuru-Eldoret highway. The 11 were in the matatu when it was hit and dragged for about 40-metres and squeezed into a roadside embankment. Koibatek Sub-County Commissioner, Samson Irungu said they rushed to the scene but were shocked to find 11 occupants in the matatu had perished and were trapped inside the vehicle. However one person, Joseph Chigu Otieno, survived the accident. “The lorry was loaded with twisted iron rods that made its momentum dangerous. When it lost control and swerved to the right it hit the matatu and pushed it forty metres off the road before coming to a halt when the two vehicles hit a side embankment. "All the victims had multiple fractures and rescuers had a difficult time pulling the two vehicles apart in the hope of finding a survivor,” Mr Irungu said. Koibatek Divisional Police ...
Post a Comment
Read more

8 Problems That Only Guys Who F**k Real Good Will Understand

By
Hey there, other guys who fuck real good -- we're a rare breed, aren't we? We always try to keep our weird, nerdy quirk to ourselves, but sometimes, our undeniable prowess at fucking causes some problems in our day-to-day life that those other "only ok at fucking" people simply just won't understand. Just in case you're feeling alone & embarrassed, here's 8 Problems That Only Guys Who Fuck Real Good Will Understand . Don't be shy! Please read and share...but ONLY if you understand ;-) ;-) ;-0 This is a common problem for us Fuck-Too-Goods. Sometimes, you'll leave your partner TOO satisfied that they won't be able to think or concentrate on anything else other than how well they were just made love to. Fortunately, this will eventually dissipate, but unfortunately, then they'll just want to fuck again. Such is the cross we bear, right fellow Goodfuckers??? This happens literally every time you have sex. With 100% c...
Post a Comment
Read more