By Praveen Kannan and Anna Strokolyst The Hotspot Shield team believes the internet should be open and secure …
In the early days of the Internet, hackers typically operated alone as maverick entities, often subverting the rules for the simple fun of doing so. Around the early 2000s, hackers began forming organized groups, and they could take advantage of easily accessible tutorials and training resources to help hone their craft.
Today, some hackers even operate as part of global organizations that are sophisticated, knowledgeable, and increasingly dangerous. By some accounts, the “Cyber Black Market” yields more profits than the global illegal drug trade, meaning it’s larger than many of the multi-national corporations currently listed on the Nasdaq. Here’s a look at the inner workings of the cyber black market and the potential ramifications for the Web at large.
Massive Attacks Highlight the Dangers of Hackers
Just for some context, here’s a brief timeline of some major hacking events: In 1998, the public was shocked to find that hackers hit a total of 300 political websites. Less than ten years later, hackers were operating on a staggering scale that made 300 web pages seem paltry. In 2006, more than 20 million AOL web inquiries were publicly posted online. These included private banking and shopping data from users. In 2007, hackers stole nearly $1 million from a Swedish bank. In 2008, Heartland’s data systems were hacked, exposing 143 million credit card numbers.
Rather than slowing down in the face of evolving security measures, these attacks only seem to have grown in their scope and scale. In 2013, an Evernote hack affected 50 million users. An Adobe hack breached 150 million records. During the 2013 holiday season, 40 million credit card numbers were stolen from Target shoppers before the retailer eradicated the malware. These examples demonstrate again and again that consumers can never be too careful with their data.
Where Stolen Data Goes
Hackers have many avenues for obtaining valuable data that includes credit card numbers, bank account numbers, and passwords. And in today’s cyber black market, the hackers who steal your data aren’t necessarily the same ones who put it to use. There’s a thriving market for selling your information, and the hacker only needs to steal the information and sell it to the highest bidder to make a profit.
Numerous underground websites exist where criminals can sell your data for a neat profit. And with the advent of cryptocurrencies like BitCoin, the hacker’s clients can transfer money without providing any personal data, making these currencies ideal for illegal transactions in this market. In this way, the cyber black market has grown to operate worldwide with buyers and sellers spanning the globe.
Other Valuable Commodities on the Black Market
Data isn’t the only commodity for sale on the black market. Hackers can also profit from creating the malware that’s used to mine the data. In this way, some cyber criminals can profit from programs they neither execute nor gather data from; rather, they code these programs and put them up for sale.
Viruses, worms, bots, and other types of malware are in high demand on the black market. While anti-malware protection programs are evolving to offer better protection, hackers are also evolving, finding new and creative ways to work around these programs.
Malware developers sell their programs on the black market with many of the same marketing techniques that legal developers use. They may offer discounts on bulk purchases, service guarantees, and special promotions. Demos are often available to show the value of a given program.
Criminals will find a variety of tools for sale on the black market. Some options include:
- Toolkits that help hackers steal login information
- Access to hijacked computer networks
- Spear phishing services that trick users into opening viruses sent via email
- Zero day exploits that buyers can use only once
Cyber criminals are some of the biggest buyers on the black market, but they aren’t the only ones shopping. The National Security Agency (NSA) is believed to be one of the biggest buyers of zero day exploits. Zero days are attacks that exploit a previously unknown weakness in an application.
These are often sold on a kind of grey market that’s not clearly illegal but not openly run, either. It’s speculated that the NSA may purchase zero days for use in the organization’s espionage efforts. A single zero day can sell for as much as $300,000.
The Market for Cybercrime
The cyber black market is thriving, giving computer savvy professionals plenty of incentives to go to the dark side. While software vendors pay a bug bounty for anyone who discovers a weakness, the sum offered is only a fraction of what hackers could make by exploiting it.
Verisign and HP pay up to $10,000 for bug bounties. Meanwhile, hackers can earn over $100,000 for selling zero day exploits on the black market. A RAND study stated that the cyber black market is potentially more profitable than the illegal drug trade.
Efforts to Stop Cybercrime
Though law enforcement officials are trying to shut down the cyber black market, this has proven exceedingly difficult. The tech-savvy criminals respond to these efforts by simply tightening their own security. Many markets now interact only with trusted customers. While some marketplaces are easily found, others are very carefully protected.
When a single supplier is successfully taken off the cyber black market, another simply moves in to fill the space. The marketplace is extremely resilient, making it a major threat that consumers should be prepared to deal with well into the future.
Protecting Yourself from Cybercrime
Cybercrime won’t be eradicated any time in the near future, so it’s important for you to take action and protect yourself from hacking attacks. The FBI recommends that Internet users take certain precautions to avoid these malicious hackers. Some excellent precautionary measures include:
- Maintaining a firewall that is turned on at all times
- Installing and regularly updating antivirus software
- Installing and regularly updating anti-spyware technology
- Updating operating systems regularly
- Making regular use of a good VPN when operating on public wi-fi
You should also be aware of the many tricks that cyber criminals use to steal your data. Never open suspicious emails. If you open an email and it asks you download an attachment or follow a link, never do so unless you know the sender. If you know the sender, but the email seems suspicious, contact them through another method, such as by phone, to verify that they actually sent the message. Turn off your computer when you’re not using it. Avoid using public WiFi as often as possible.
The cyber black market is a frightening reality that Internet users must face. While the presence of this underground network of cyber criminals does pose a danger to your personal data, you can minimize much of the threat by keeping up with the latest trends in cyber security and taking the appropriate actions to keep your information safe.