Security markets: Fame to fortune

It used to be that computer attacks were perpetrated mostly for fame and recognition. In the last five years the motivation behind the majority of attacks seems to have shifted inexorably from fame to fortune. Parallel to this shift we are now witnessing the emergence of a new attack economy, an efficient multilayer marketplace for information security attacks.

I've heard many reports of the rise of organized cybercrime. This is a disturbing trend because it introduces better financing and more teamwork on the attacker side. But an even more disturbing trend is the emergence of a layer of increasingly sophisticated markets for trading information related or derived from cyberattacks.

In a way, cybercrime is following in the footsteps of any maturing industry. New industries start up as highly vertically integrated -- a single person or company creates an entire "value chain" from primary resources to the finished product. In the attack marketplaces, the primary resources are vulnerabilities and potential victims and the finished product is money or exploitable information (identities, compromised hosts). As with any new industry, the cybercrime industry started as a vertically integrated industry. Most often, the same person or organization discovers a vulnerability, creates exploit code and launches an attack against a specific target or against the Internet in general.

As industries mature, however, they gradually become less vertically integrated. Parts of the value chain break away and become specialized industries of their own. For example, tires used to be made by carmakers and then became a global industry. Each step in the supply chain becomes more and more specialized and focused, while markets and intermediaries emerge to trade amongst the newly created industries. So, car manufacturers buy steel and tires in open and competitive markets instead of making their own.

Cybercrime is undergoing this transformation and therefore appears to be coming of age. Several markets have emerged on various Web sites, Internet Relay Chat channels and chat rooms where attack information, code and identities are traded. Attackers are specializing and focusing on different steps of the attack value-chain: discovering vulnerabilities; writing exploit code; collecting and managing zombie armies; trading and exploiting identities. Each step in the value chain is bracketed by markets for the primary inputs and outpouts. For example, an exploit writer can buy several vulnerabilities, write exploit code for each and then bundle them into a packaged attack toolkit. In addition, shared code, libraries, toolkits and frameworks allow for rapid attack-application development.

With each step of an attack outsourced to different people the attack marketplace is becoming very dangerous. Market efficiencies are creating better opportunities for profit, easier laundering of information and an abundance of exploit innovation. Loosely coupled intermediaries can add value at each step without exposing themselves to as much risk as if they participated in the attack. Markets provide lubrication to the flow of attack information and isolation/compartmentalization of the various actors. Cybercrime has come of age.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Andreas M. Antonopoulos

Network World
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?