Johannesburg, 25 Apr 2014
A recent sponsored report from the RAND Corporation http://juni.pr/NAjxVk reveals that the world of cyber crime is deep, complex and has now developed into a fully functional market economy. RAND has interviewed a number of global experts with involvement in black markets across academics, security researchers, reporters, security vendors and law enforcement, writes Adrian Pickering, vice president, Middle East & Africa, Juniper Networks.
This report has confirmed that black markets are a maturing, multi-billion-dollar economy with robust infrastructure and social organisation. There are five key indicators across sophistication, specialisation, reliability, accessibility and resilience that are functional evidence of the economic maturity demonstrated by cyber black markets.
Within these markets one will find a wide set of tools and resources available to educate individuals how to hack, which has resulted in accelerated sophistication and a broader set of roles within the economy. Those roles include storefronts for access to buy or sell records, exploit kits and services.
Transactions in these markets are often conducted in digital currencies such as Bitcoin extensions, Feathercoin or AlertPay, while the report goes on to describe the cyber black market as one that is well structured, policed and have rules like a constitution. Yet, like any metropolitan city, even the cyber black market has its own criminals called 'rippers' who do not provide the goods or services they claim.
Hierarchical structures are in place and are built on relationships where the most connected individuals are seen as experts and make the lion's share of the money. Cross pollination between cybercriminals results in areas of expertise residing across different countries.
So what now? The growing maturity of the hacker black markets is creating significant new challenges for companies and individuals. RAND believes the ability to attack will outpace the ability to defend. We need to change the economics of hacking and find ways to disrupt the value chains that result in successful attacks through the use of active defence, or actively identifying and disrupting attackers on corporate networks versus passively blocking attacks. We can change the economics of hacking by making it more costly and time consuming by moving toward active defence and disrupting attackers while they are active.
About the author: Adrian Pickering is the Vice President, Middle East & Africa, Juniper Networks. Juniper Networks is a sponsor of the upcoming ITWeb Security Summit 2014 taking place at the Sandton Convention Centre from 27-29 May. Follow #itwebsec