A quick tour in the hacking black market

A quick tour in the Black Markets, the places on the web where it is possible to acquire or rent “malicious” services and illegal products.

Black Markets are places on the web where it is possible to acquire or rent “malicious” services and products, these markets are growing fast and are becoming very popular in the criminal underground. Among the most commercialized products offered in the black markets there is user’s personal information, but which its value for cyber criminals.

Trendmicro has published an online calculator to estimate this value:

A quick calculation made with my personal selection shows the following finding:

Once selected the various types of personal information, the application shows potential markets where a data could be sold and related price.

A report published by the RAND corporation titled “Market for Cybercrime Tools and Stolen Data” provided useful information for product and services available in the principal underground markets. This report was made by investigating the markets and interviewing experts in IT security industry, in the following table are listed principal goods and services exchanged on the black market:

As shown in the table and the work of Lillian Ablon, Martin C. Libicki, Andrea A. Golay, there are many levels of access in the market. What is important to note is that in recent years the market’s access has grown thanks to the fact that many people, even if they are not technically skilled, can buy services or goods already made to initiate their activities as “lamier”. The report also notes that:

“Markets tend to make activities more efficient, whether such activities are laudable or criminal  (or, at least, subterranean). The world of hacking can be seen as a market: Buyers seek the best price; sellers ply their wares or skills to make the most profit. This scenario is subject to typical market forces, with prices rising when demand is high and falling when it is low. Over time, good products squeeze out bad ones, and high-quality brands can command premium prices. Mergers and acquisitions occur, and deals get made between market participants who know and trust each other. ”

So if world of hacking can be seen as a market, who are the participants?

In the last 10 years the market has started to be organized and guided by the exchange of products and services between groups and individuals. In the following graph are reported the principal roles of the principal black marketplaces.

The RAND report reveals that the money is closer to those who have technical ability, like a zero-day researcher or a malware writers. These individuals write or analyze malicious code sell exploits to trigger newly discovered vulnerabilities in principal software.

The report goes on to explain the various channels through which the products and services are commercialized.

The most important requirement for both buyer and sellers is the anonymity of the channel used for the transaction, for this reason black markets based on anonymizing networks (i.e. Tor, I2P) and using virtual currencies like Bitcoin to anonymize payments.

Some of the most important malicious effects of the black market over the last few years as indicated in the RAND’s report:

“In the December 2013 breach of the retail giant Target, where data from as many as 40 million credit cards and 70 million user accounts were hijacked, such data appeared within days on black-market sites. Other examples of attacks and their links to underground markets include: recent increases in the use of watering-hole attacks (where users visit popular, legitimate, but compromised websites) based on well-known exploit kits available for sale on the black market (see,  e.g., Malwageddon, 2013) the growing prevalence of malware inserted into online advertisements that, when clicked, infect a victim’s computer, and call back to an exploit kit to launch additional malware;  data is then stolen and sold on black markets (e.g., Joostbijl, 2014) websites throttled by Distributed Denial of Service (DDoS) attacks implemented by rented botnets available on the black market (e.g., Schwartz, 2010).”

Perhaps the hacker’s market is not “more profitable than the illegal drug trade”, as the RAND report suggests, but it is a big commercial opportunity for a large amount of people.  Anyone who has a computer can enter the market and start a business. The channels are pretty much secure and even if you do not look like a new Al Capone, if you want, you could be a “dark trader” of stolen credit card or a good broker of new zero-day vulnerabilities.

Written by Alessandro Contini

Alessandro Contini operates as Cyber Security Consultant in national and international realities. Starting from a long experience and technical expertise on system architectures in particular related to Critical Infrastructure. Alessandro collaborates as Cyber Intelligence specialist to find deeper information in Cyber Crime and Terrorism scenarios.

Edited by Pierluigi Paganini

(Security Affairs – black market, underground)