Adrian PickeringAdrian Pickering


A recent sponsored report from the RAND Corporation reveals the world of cyber crime is complex and has developed into a fully functional market economy. RAND interviewed a number of global experts with involvement in black markets, across academics, security researchers, reporters, security vendors and law enforcement.

This report confirmed that black markets are a maturing, multibillion-dollar economy with robust infrastructure and social organisation. There are five key indicators across sophistication, specialisation, reliability, accessibility and resilience that are functional evidence of the economic maturity demonstrated by cyber black markets. Within these markets there are a wide set of tools and resources available to educate individuals on how to hack, which has resulted in accelerated sophistication and a broader set of roles within the economy.

Transactions in these markets are often conducted in digital currencies such as Bitcoin extensions, Feathercoin or AlertPay. The report describes the cyber black market as one that is well structured, policed, and has rules like a constitution. Yet, like any metropolitan city, even the cyber black market has its own criminals, called ‘rippers’, who do not provide the goods or services they claim.

Hierarchical structures are in place and are built on relationships where the most connected individuals are seen as experts and make the lion’s share of the money. Cross-pollination between cyber criminals results in areas of expertise residing across different countries.

So what now? The growing maturity of the hacker black markets is creating signifi cant challenges for companies and individuals. RAND believes the ability to attack will outpace the ability to defend. We need to change the economics of hacking and find ways to disrupt the value chains that result in successful attacks through the use of active defence, or actively identifying and disrupting attackers on corporate networks versus passively blocking attacks. We can change the economics of hacking by making it more costly and time-consuming by moving toward active defence and disrupting attackers while they are active.

About the author: is VP, Middle East & Africa at Juniper Networks. Juniper Networks is a sponsor of the upcoming ITWeb , taking place at the Sandton Convention Centre from 27-29 May. Follow #itwebsec