Then and Now: On The Maturity of Cybercrime Markets

Cybercrime is often in the news and receives attention in the scientific literature as the source of huge financial losses or of the infection of large numbers of user machines that become part of a botnet. These activities are often massive, and are supported by infrastructures and services that are reportedly served by an active underground economy. Yet the current understanding of this phenomenon is that the markets underlying the cybercrime economy are by design fraught with problems and cannot possibly sustain the economy whose effects we observe and read about every day. This thesis presents a systematic analysis of an online underground black market, namely Carders.CC, in which we assess the potential differences between markets that are susceptible to scammers (IRC markets) and markets that implement mechanisms to reduce this problem (forum markets). We find that the view that cybercrime markets evolved from an equivalent of IRC markets to a strictly regulated state that may greatly favor market and trade efficiency does not hold for Carders.CC. This cybercrime market shows a total market failure: reputation mechanisms are not implemented correctly, and hierarchy-rewarding communities are not properly enforced. As a result, scammers operate and move freely in the market, making them indistinguishable from normal users. Despite the distrusting nature of criminals (seen as normal users in these markets), they are not able to distinguish "good" users from "bad" users, resulting in a failed market. We therefore conclude that we find virtually no differences between IRC markets and forums with badly enforced regulation.
