First large-scale market analysis of underground cybercrime economy

August 21, 2018, Delft University of Technology
Credit: CC0 Public Domain

Cybercrime is easier to carry out as more and more online criminal services (commodities) become available. Delft University of Technology (TU Delft) researcher Rolf van Wegberg investigated the extent and growth of this specific online underground economy.

Commodities available on dark web underground markets, including malicious software that can be used for digital blackmail and , can lead to criminals outsourcing a part of their activities and resources. This could make it easier to carry out criminal activities and would further promote the growth of cybercrime. To map the volume and growth of such online criminal services, Rolf van Wegberg and his colleagues investigated the offers and transactions of eight online underground marketplaces. This is the first time that such a large-scale analysis of the online cybercrime economy has been undertaken. The researchers presented their results at the USENIX Security conference (Baltimore, 15-17 August 2018).

Researchers are seeing a growing commoditisation of cybercrime. In this context, commoditisation is the offering of skills and services by specialised parties in the underground economy, which end users can buy "off the shelf."

"This makes it possible for cybercriminals to outsource certain activities, which lowers the threshold for them entering into cybercrime," says researcher Rolf van Wegberg. "Being able to buy a certain service means you don't need to understand how it works to get down to business. You can go to a 'cybercrime IKEA,' as it were, to buy the package of your choice and put it together yourself."

Modest growth

"Together with colleagues from Carnegie Mellon University (CMU), we examined whether this commoditisation is growing at the rate feared. We examined six years of transaction data from eight online anonymous market places, from Silk Road to AlphaBay. Together, these cover a major part of this market. We did, in fact, see indications for commoditisation of all kinds of products and services, but certainly not for all. Not everything is for sale; as a cybercriminal, there is still a lot you have to do yourself. Moreover, the volume of trade is very limited, compared to the volume, for example, of the drugs trade on these markets. There is growth, but this growth is far more modest than we had anticipated. We estimate the total volume of cybercrime commodities on online anonymous marketplaces between 2011 and 2017 to be around $8 million."

Cash out

"Cash-out" services are the most frequently traded. The question behind every criminal business model is: How can you funnel your victim's money in a seemingly 'responsible' way? This is something every criminal entrepreneur needs to do, so it's only logical that the demand for this is high. It's all about go-betweens, money mules, bank accounts, Bitcoin exchange services and suchlike.

Van Wegberg says, "For the moment, the problem of commoditisation seems less bad than we had feared. Yet this sort of detailed information makes it possible to tackle the problem far more efficiently, now and in the future."

Also B2C

"We also looked at another phenomenon. Besides criminal providers who deal with other criminals (B2B), we are also finding a significant volume of retail cybercrime, in other words, directly to the end consumer (B2C). This involves such things as hacked Netflix of Spotify accounts. We estimate the total volume of this form of on online anonymous market places between 2011 and 2017 to be around $7 million."

Explore further: Global cybercrime costs $600 bn annually: study

More information: 'Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets' Rolf van Wegberg, Samaneh Tajalizadehkhoob, Kyle Soska, Ugur Akyazi, Carlos Gañán, Bram Klievink, Nicolas Christin, and Michel van Eeten

Related Stories

Global cybercrime costs $600 bn annually: study

February 21, 2018

The annual cost of cybercrime has hit $600 billion worldwide, fueled by growing sophistication of hackers and proliferation of criminal marketplaces and cryptocurrencies, researchers said Wednesday.

In the web's hidden darknet, criminal enterprise is thriving

October 3, 2014

Criminals have always done their best to use new technology to their advantage and the rapid development of new digital technologies and online markets has provided the criminal entrepreneur with as much opportunity for innovation ...

Recommended for you

What happened before the Big Bang?

March 26, 2019

A team of scientists has proposed a powerful new test for inflation, the theory that the universe dramatically expanded in size in a fleeting fraction of a second right after the Big Bang. Their goal is to give insight into ...

Probiotic bacteria evolve inside mice's GI tracts

March 26, 2019

Probiotics—which are living bacteria taken to promote digestive health—can evolve once inside the body and have the potential to become less effective and sometimes even harmful, according to a new study from Washington ...

Cellular microRNA detection with miRacles

March 26, 2019

MicroRNAs (miRNAs) are short noncoding regulatory RNAs that can repress gene expression post-transcriptionally and are therefore increasingly used as biomarkers of disease. Detecting miRNAs can be arduous and expensive as ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.