Security markets: Fame to fortune

It used to be that computer attacks were perpetrated mostly for fame and recognition. In the last five years the motivation behind the majority of attacks seems to have shifted inexorably from fame to fortune. Parallel to this shift we are now witnessing the emergence of a new attack economy, an efficient multilayer marketplace for information security attacks.

I've heard many reports of the rise of organized cybercrime. This is a disturbing trend because it introduces better financing and more teamwork on the attacker side. But an even more disturbing trend is the emergence of a layer of increasingly sophisticated markets for trading information related to or derived from cyberattacks.

In a way, cybercrime is following in the footsteps of any maturing industry. New industries start up as highly vertically integrated -- a single person or company creates an entire "value chain" from primary resources to the finished product. In the attack marketplaces, the primary resources are vulnerabilities and potential victims and the finished product is money or exploitable information (identities, compromised hosts). As with any new industry, the cybercrime industry started as a vertically integrated industry. Most often, the same person or organization discovers a vulnerability, creates exploit code and launches an attack against a specific target or against the Internet in general.

As industries mature, however, they gradually become less vertically integrated. Parts of the value chain break away and become specialized industries of their own. For example, tires used to be made by carmakers and then became a global industry. Each step in the supply chain becomes more and more specialized and focused, while markets and intermediaries emerge to trade amongst the newly created industries. So, car manufacturers buy steel and tires in open and competitive markets instead of making their own.

Cybercrime is undergoing this transformation and therefore appears to be coming of age. Several markets have emerged on various Web sites, Internet Relay Chat channels and chat rooms where attack information, code and identities are traded. Attackers are specializing and focusing on different steps of the attack value chain: discovering vulnerabilities; writing exploit code; collecting and managing zombie armies; trading and exploiting identities. Each step in the value chain is bracketed by markets for the primary inputs and outputs. For example, an exploit writer can buy several vulnerabilities, write exploit code for each and then bundle them into a packaged attack toolkit. In addition, shared code, libraries, toolkits and frameworks allow for rapid attack-application development.

With each step of an attack outsourced to different people, the attack marketplace is becoming very dangerous. Market efficiencies are creating better opportunities for profit, easier laundering of information and an abundance of exploit innovation. Loosely coupled intermediaries can add value at each step without exposing themselves to as much risk as if they participated in the attack. Markets provide lubrication to the flow of attack information and isolation/compartmentalization of the various actors. Cybercrime has come of age.


Andreas M. Antonopoulos

Network World