全球智库信息集成服务系统

The Hacking Community and Cyber Black Markets Are Growing and Maturing

• The cyber black market has evolved from a varied landscape of discrete, ad hoc individuals into a network of highly organized groups, often connected with traditional crime groups (e.g., drug cartels, mafias, terrorist cells) and nation-states.
• The cyber black market does not differ much from a traditional market or other typical criminal enterprises; participants communicate through various channels, place their orders, and get products.
• Its evolution mirrors the normal evolution of markets with both innovation and growth.
• For many, the cyber black market can be more profitable than the illegal drug trade.

These Cyber Black Markets Respond to Outside Forces

• As suspicion and "paranoia" spike because of an increase in recent takedowns, more transactions move to darknets; stronger vetting takes place; and greater encryption, obfuscation, and anonymization techniques are employed, restricting access to the most sophisticated parts of the black market.
• The proliferation of as-a-service and point-and-click interfaces lowers the cost to enter the market.
• Law enforcement efforts are improving as more individuals are technologically savvy; suspects are going after bigger targets, and thus are attracting more attention; and more crimes involve a digital component, giving law enforcement more opportunities to encounter crime in cyberspace.
• Still, the cyber black market remains resilient and is growing at an accelerated pace, continually getting more creative and innovative as defenses get stronger, law enforcement gets more sophisticated, and new exploitable technologies and connections appear in the world.
• Products can be highly customized, and players tend to be extremely specialized.

Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets for both tools (e.g., exploit kits) and take (e.g., credit card information). This report, part of a multiphase study on the future security environment, describes the fundamental characteristics of these markets and how they have grown into their current state to explain how their existence can harm the information security environment. Understanding the current and predicted landscape for these markets lays the groundwork for follow-on exploration of options to minimize the potentially harmful influence these markets impart. Experts agree that the coming years will bring more activity in darknets, more use of crypto-currencies, greater anonymity capabilities in malware, and more attention to encrypting and protecting communications and transactions; that the ability to stage cyberattacks will likely outpace the ability to defend against them; that crime will increasingly have a networked or cyber component, creating a wider range of opportunities for black markets; and that there will be more hacking for hire, as-a-service offerings, and brokers. Experts disagree, however, on who will be most affected by the growth of the black market (e.g., small or large businesses, individuals), what products will be on the rise (e.g., fungible goods, such as data records and credit card information; non-fungible goods, such as intellectual property), or which types of attacks will be most prevalent (e.g., persistent, targeted attacks; opportunistic, mass "smash-and-grab" attacks).

• Chapter One

  Introduction and Research Methodology

• Chapter Two

  Characteristics of the Black Market

• Chapter Three

  The Black Market and Botnets

• Chapter Four

  Zero-Day Vulnerabilities in the Black and Gray Markets

• Chapter Five

  Are Hacker Black Markets Mature?

• Chapter Six

  Projections and Predictions for the Black Market

• Chapter Seven

  Conclusions

• Chapter Eight

  For Future Research

• Appendix A

  Text of the Black Market Timeline

• Appendix B

  Glossary