Security markets: Fame to fortune

It used to be that computer attacks were perpetrated mostly for fame and recognition. In the last five years the motivation behind the majority of attacks seems to have shifted inexorably from fame to fortune. Parallel to this shift we are now witnessing the emergence of a new attack economy, an efficient multilayer marketplace for information security attacks.

I've heard many reports of the rise of organized cybercrime. This is a disturbing trend because it introduces better financing and more teamwork on the attacker side. But an even more disturbing trend is the emergence of a layer of increasingly sophisticated markets for trading information related or derived from cyberattacks.

In a way, cybercrime is following in the footsteps of any maturing industry. New industries start up as highly vertically integrated -- a single person or company creates an entire "value chain" from primary resources to the finished product. In the attack marketplaces, the primary resources are vulnerabilities and potential victims and the finished product is money or exploitable information (identities, compromised hosts). As with any new industry, the cybercrime industry started as a vertically integrated industry. Most often, the same person or organization discovers a vulnerability, creates exploit code and launches an attack against a specific target or against the Internet in general.

As industries mature, however, they gradually become less vertically integrated. Parts of the value chain break away and become specialized industries of their own. For example, tires used to be made by carmakers and then became a global industry. Each step in the supply chain becomes more and more specialized and focused, while markets and intermediaries emerge to trade amongst the newly created industries. So, car manufacturers buy steel and tires in open and competitive markets instead of making their own.

Cybercrime is undergoing this transformation and therefore appears to be coming of age. Several markets have emerged on various Web sites, Internet Relay Chat channels and chat rooms where attack information, code and identities are traded. Attackers are specializing and focusing on different steps of the attack value-chain: discovering vulnerabilities; writing exploit code; collecting and managing zombie armies; trading and exploiting identities. Each step in the value chain is bracketed by markets for the primary inputs and outpouts. For example, an exploit writer can buy several vulnerabilities, write exploit code for each and then bundle them into a packaged attack toolkit. In addition, shared code, libraries, toolkits and frameworks allow for rapid attack-application development.

With each step of an attack outsourced to different people the attack marketplace is becoming very dangerous. Market efficiencies are creating better opportunities for profit, easier laundering of information and an abundance of exploit innovation. Loosely coupled intermediaries can add value at each step without exposing themselves to as much risk as if they participated in the attack. Markets provide lubrication to the flow of attack information and isolation/compartmentalization of the various actors. Cybercrime has come of age.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Andreas M. Antonopoulos

Network World
Show Comments

Father’s Day Gift Guide

Brand Post

Bitdefender 2019

Bitdefender’s best-in-class security solutions have been awarded Product of the Year. Get cybersecurity that 500 MILLION users already have and trust!

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?