Cyber black market has robust infrastructure: report

RAND report says the market is replete with buyers, sellers & intermediaries; while rippers abound, they are regularly banned or pushed off the market

The collapse of Mt Gox, the largest bitcoin exchange, on February 25 suggests digital attacks are increasingly becoming sophisticated and dangerous.

Cyber black markets are a mature and growing multi-billion-dollar economy with "a robust infrastructure and social organisation", says a report by RAND Corporation. It adds similar to the global economy that runs on demand and supply, a parallel underground economy is also subject to the same pulls and pushes. Here, services and good are sold for a price.

Many parts of the cyber black market are well-structured and policed and have rules. The study finds much like a legitimate business, it takes connections to move up the (cyber) food chain.

In December 2013, retail giant Target was hit by malicious hackers. About 70 million customer records, including names, numbers and debit and credit card data, were hacked and made available for purchase in the black market.

The underground market is replete with buyers, sellers and intermediaries. While buyers could be individuals, criminal organisations or commercial vendors, intermediaries act as a third party, verifying and validating products and participants, helping carry out transactions and safeguarding identities. Of the participants those at higher levels usually receive higher compensation.

The hacker economy has its share of rippers - those who don't deliver the product/service they promise. But "those who scam others are regularly banned or pushed off the market", says Greg Bunt, director of security for Asia-Pacific, Juniper Networks, which sponsored the study.

On the hierarchy in the chain, the report says administrators are at the top, followed by subject-matter experts who specialise in particular areas (root kit creators, data traffickers, cryptanalysts, those who vet, etc).

Often, transactions in the cyber black market are conducted by means of digital currencies - pecunix, AlertPay, PPcoin, litecoin, feathercoin, as well as bitcoin extensions such as zerocoin - the report says. "Though transactions can also be done by means of non-digital currency, many criminal sites are starting to accept only digital crypto currencies due to their anonymity," Bunt said.

Ultimately, there has to be a cash-out, and this is where mules and virtual money mule services come into play. They use multiple ways to turn the stolen credit card or ecommerce accounts into usable money.

It is unclear how many people participate in this market, which generates billions of dollars. "In certain respects, cybercrime can be more lucrative and easy than illegal drug trade," said Lillian Ablon, lead author of the study and an information systems analyst at RAND.

The rising penetration of the internet and greater proliferation of websites due to the rise in smartphone and social media create a huge opportunity for hackers to prey on data, as most users aren't sure about the security of their data.

Unlike the real economy, "external events that seemingly disrupt markets, don't affect it (the hacker economy). If they do, the markets bounce back. Despite increased and improved efforts by law enforcement to disrupt and shut various parts of the markets - from financing to popular marketplaces - the hacker economy has proved to be quite resilient. The demand and potential profit for attackers is simply too high", says Bunt.

The report says various governments "are increasingly showing up as buyers" for zero-day exploits, or attacks that take advantage of vulnerability in the software/system on the same day the vulnerability becomes known. Experts say hackers can use this to install software to track/ferret out personally identifiable information from computers.