First large-scale market analysis of underground cybercrime economy

Cybercrime is easier to carry out as more and more online criminal services (commodities) become available. Delft University of Technology (TU Delft) researcher Rolf van Wegberg investigated the extent and growth of this specific online underground economy.

Commodities available on dark web underground markets, including malicious software that can be used for digital blackmail and credit card fraud, can lead to criminals outsourcing a part of their activities and resources. This could make it easier to carry out criminal activities and would further promote the growth of cybercrime. To map the volume and growth of such online criminal services, Rolf van Wegberg and his colleagues investigated the offers and transactions of eight online underground marketplaces. This is the first time that such a large-scale analysis of the online cybercrime economy has been undertaken. The researchers presented their results at the USENIX Security conference (Baltimore, 15-17 August 2018).

Researchers are seeing a growing commoditisation of cybercrime. In this context, commoditisation is the offering of skills and services by specialised parties in the underground economy, which end users can buy "off the shelf."

"This makes it possible for cybercriminals to outsource certain activities, which lowers the threshold for them entering into cybercrime," says researcher Rolf van Wegberg. "Being able to buy a certain service means you don't need to understand how it works to get down to business. You can go to a 'cybercrime IKEA,' as it were, to buy the package of your choice and put it together yourself."

Modest growth

"Together with colleagues from Carnegie Mellon University (CMU), we examined whether this commoditisation is growing at the rate feared. We examined six years of transaction data from eight online anonymous market places, from Silk Road to AlphaBay. Together, these cover a major part of this market. We did, in fact, see indications for commoditisation of all kinds of products and services, but certainly not for all. Not everything is for sale; as a cybercriminal, there is still a lot you have to do yourself. Moreover, the volume of trade is very limited, compared to the volume, for example, of the drugs trade on these markets. There is growth, but this growth is far more modest than we had anticipated. We estimate the total volume of cybercrime commodities on online anonymous marketplaces between 2011 and 2017 to be around $8 million."

Cash out

"Cash-out" services are the most frequently traded. The question behind every criminal business model is: How can you funnel your victim's money in a seemingly 'responsible' way? This is something every criminal entrepreneur needs to do, so it's only logical that the demand for this is high. It's all about go-betweens, money mules, bank accounts, Bitcoin exchange services and suchlike.

Van Wegberg says, "For the moment, the problem of commoditisation seems less bad than we had feared. Yet this sort of detailed information makes it possible to tackle the problem far more efficiently, now and in the future."

Also B2C

"We also looked at another phenomenon. Besides criminal providers who deal with other criminals (B2B), we are also finding a significant volume of retail cybercrime, in other words, directly to the end consumer (B2C). This involves such things as hacked Netflix of Spotify accounts. We estimate the total volume of this form of cybercrime on online anonymous market places between 2011 and 2017 to be around $7 million."