Print Email Facebook Twitter Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets Title Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets Author van Wegberg, R.S. (TU Delft Organisation and Governance) Tajalizadehkhoob, S. (TU Delft Organisation and Governance) Soska, Kyle (Carnegie Mellon University) Akyazi, U. (TU Delft Organisation and Governance) Hernandez Ganan, C. (TU Delft Organisation and Governance) Klievink, A.J. (TU Delft Organisation and Governance) Christin, Nicolas (Carnegie Mellon University) van Eeten, M.J.G. (TU Delft Organisation and Governance) Date 2018 Abstract Researchers have observed the increasing commoditization of cybercrime, that is, the offering of capabilities, services, and resources as commodities by specialized suppliers in the underground economy. Commoditization enables outsourcing, thus lowering entry barriers for aspiring criminals, and potentially driving further growth in cybercrime. While there is evidence in the literature of specific examples of cybercrime commoditization, the overall phenomenon is much less understood. Which parts of cybercrime value chains are successfully commoditized, and which are not? What kind of revenue do criminal business-to-business (B2B) services generate and how fast are they growing? We use longitudinal data from eight online anonymous marketplaces over six years, from the original Silk Road to AlphaBay, and track the evolution of commoditization on these markets. We develop a conceptual model of the value chain components for dominant criminal business models. We then identify the market supply for these components over time. We find evidence of commoditization in most components, but the outsourcing options are highly restricted and transaction volume is often modest. Cash-out services feature the most listings and generate the largest revenue. Consistent with behavior observed in the context of narcotic sales, we also find a significant amount of revenue in retail cybercrime, i.e., business-to-consumer (B2C) rather than business to-business. We conservatively estimate the overall revenue for cybercrime commodities on online anonymous markets to be at least US $15M between 2011-2017. While there is growth, commoditization is a spottier phenomenon than previously assumed. Subject Cybercrimecommodizationonline anonymous marketplacesdarknetmalicious software To reference this document use: http://resolver.tudelft.nl/uuid:fc38dcc0-c3b9-404e-8c12-f71ac5b4130d Publisher USENIX Association ISBN 978-1-931971-46-1 Source Proceedings of the 27th USENIX Security Symposium Event 27th USENIX Security Symposium, 2018-08-15 → 2018-08-17, Baltimore, United States Part of collection Institutional Repository Document type conference paper Rights © 2018 R.S. van Wegberg, S. Tajalizadehkhoob, Kyle Soska, U. Akyazi, C. Hernandez Ganan, A.J. Klievink, Nicolas Christin, M.J.G. van Eeten Files PDF sec18_van_wegberg.pdf 1.23 MB Close viewer /islandora/object/uuid:fc38dcc0-c3b9-404e-8c12-f71ac5b4130d/datastream/OBJ/view