Thursday, June 4, 2009

Cybercrime Doesn't Pay - Microsoft

Report: Cybercime Riches Are Hard To Come By
Researchers from Microsoft say stolen goods offered for sale in IRC channels are tough to monetize, and industry estimates of underground profits are "exaggerated"

By Kelly Jackson Higgins | DarkReading

Turns out the profitability of cybercrime may have been greatly exaggerated. According to a new report by two researchers for Microsoft's research organization, cybercrime doesn't equal easy money after all, despite findings to the contrary.

In their report, titled "Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the
Underground Economy," Microsoft researchers Cormac Herley and Dinei Florencio say it's a smaller population of more sophisticated and organized gangs of cybercriminals who come out ahead. "While there is a great deal of activity in the underground economy marketplace, it does not imply a lot of dollars change hands," they wrote in their paper. Lucrative cybercrime doesn't occur in the open IRC space because "rippers," or those who don't deliver the goods and services they "sell" there, damage the market, they say.

The researchers also took on security-vendor research (as well as that of Gartner) that estimates the value of the underground economy based on the price tags of wares sold via IRC: "We believe that anyone who shows up on an IRC channel hoping to trade profitably with anonymous partners is almost certain to be cheated. Thus, estimating the dollar size of the underground economy based on the asking price of goods and services advertised on IRC networks appears unsound," they say. "We find that the published estimates of the dollar value of underground economy IRC channels are exaggerated. They are derived by simply adding the unverified claims of anonymous channel participants (who include rippers). Those who lie most and exaggerate most affect the average most."  Continue Dark Reading



Much attention has been devoted recently to the underground economy, and in particular to the IRC markets for stolen identities, phishingkits, botnets, and cybercrime related services. It is suggested that
sophisticated underground markets show great specialization and maturity. There are complex divisions of labor and service offerings for every need. Stolen credentials are traded in bulk for pennies on the dollar. It is suggested that large sums move on these markets.

We argue that this makes very little sense. Using basic arguments from economics we show that the IRC
markets studied represent classic examples of lemon markets. The ever-present rippers who cheat other participants ensure that the market cannot operate effectively. Their presence represents a tax on every transaction. Those who form gangs and alliances avoid this tax, enjoy a lower cost basis and higher profit.

This suggests a two tier underground economy where organization is the route to profit. The IRC markets appear to be the lower tier, and are occupied by those without skills or alliances, newcomers, and those who seek to cheat them. The goods offered for sale on these markets are those that are easy to acquire, but hard to monetize. We find that estimates of the size of the IRC markets are enormously exaggerated. Finally, we find that defenders recruit their own opponents by publicizing exaggerated estimates of the rewards of cybercrime. Those so recruited inhabit the lower tier; they produce very little profit, but contribute greatly to the externalities of cybercrime.

Complete Report: PDF File




Reblog this post [with Zemanta]

Disqus for ePayment News