Security markets: Fame to fortune

It used to be that computer attacks were perpetrated mostly for fame and recognition. In the last five years the motivation behind the majority of attacks seems to have shifted inexorably from fame to fortune. Parallel to this shift we are now witnessing the emergence of a new attack economy, an efficient multilayer marketplace for information security attacks.

I've heard many reports of the rise of organized cybercrime. This is a disturbing trend because it introduces better financing and more teamwork on the attacker side. But an even more disturbing trend is the emergence of a layer of increasingly sophisticated markets for trading information related or derived from cyberattacks.

In a way, cybercrime is following in the footsteps of any maturing industry. New industries start up as highly vertically integrated -- a single person or company creates an entire "value chain" from primary resources to the finished product. In the attack marketplaces, the primary resources are vulnerabilities and potential victims and the finished product is money or exploitable information (identities, compromised hosts). As with any new industry, the cybercrime industry started as a vertically integrated industry. Most often, the same person or organization discovers a vulnerability, creates exploit code and launches an attack against a specific target or against the Internet in general.

As industries mature, however, they gradually become less vertically integrated. Parts of the value chain break away and become specialized industries of their own. For example, tires used to be made by carmakers and then became a global industry. Each step in the supply chain becomes more and more specialized and focused, while markets and intermediaries emerge to trade amongst the newly created industries. So, car manufacturers buy steel and tires in open and competitive markets instead of making their own.

Cybercrime is undergoing this transformation and therefore appears to be coming of age. Several markets have emerged on various Web sites, Internet Relay Chat channels and chat rooms where attack information, code and identities are traded. Attackers are specializing and focusing on different steps of the attack value-chain: discovering vulnerabilities; writing exploit code; collecting and managing zombie armies; trading and exploiting identities. Each step in the value chain is bracketed by markets for the primary inputs and outpouts. For example, an exploit writer can buy several vulnerabilities, write exploit code for each and then bundle them into a packaged attack toolkit. In addition, shared code, libraries, toolkits and frameworks allow for rapid attack-application development.

With each step of an attack outsourced to different people the attack marketplace is becoming very dangerous. Market efficiencies are creating better opportunities for profit, easier laundering of information and an abundance of exploit innovation. Loosely coupled intermediaries can add value at each step without exposing themselves to as much risk as if they participated in the attack. Markets provide lubrication to the flow of attack information and isolation/compartmentalization of the various actors. Cybercrime has come of age.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Andreas M. Antonopoulos

Network World
Show Comments



Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?