When is an illegal market pretty much like a real market? When it's a cyber black market.
That's the conclusion that RAND Corporation, a nonprofit institution that helps improve policy and decision making through research and analysis, came to when they investigated the rise and impact of the underground markets for tools and "takes" (exploit tools and stolen data such as credit card information).
For their report, "Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar", RAND posed three research questions:
- What are the fundamental characteristics of black and gray markets for hackers?
- How did they grow into their current state? What direction do they appear to be heading?
- How can the existence of these markets harm the information security environment?
Their overall conclusions are that these markets are growing and maturing, becoming more sophisticated as wells more valuable and won't be disappearing any time soon:
- The cyber black market has evolved from a varied landscape of discrete, ad hoc individuals into a network of highly organized groups, often connected with traditional crime groups (e.g., drug cartels, mafias, terrorist cells) and nation-states.
- The cyber black market does not differ much from a traditional market or other typical criminal enterprises; participants communicate through various channels, place their orders, and get products.
- Its evolution mirrors the normal evolution of markets with both innovation and growth.
- For many, the cyber black market can be more profitable than the illegal drug trade.
Of course there are forces such as governments and law enforcement becoming progressively more interested in shutting these markets down which has and will increasingly push these activities to the "darknets" such as the Tor network. But a consequence of the external pressures combined with the value of these black markets is to accelerate their evolution and sophistication. As RAND notes:
As suspicion and "paranoia" spike because of an increase in recent takedowns, more transactions move to darknets; stronger vetting takes place; and greater encryption, obfuscation, and anonymization techniques are employed, restricting access to the most sophisticated parts of the black market.
Another aspect of these potential black market changes will be the escalation in scale of the illegal activities:
Law enforcement efforts are improving as more individuals are technologically savvy; suspects are going after bigger targets, and thus are attracting more attention; and more crimes involve a digital component, giving law enforcement more opportunities to encounter crime in cyberspace.
If you're involved in security or defense this report is interesting and sobering reading.