Framing Dependencies Introduced by Underground Commoditization
Venue
Workshop on the Economics of Information Security (2015)
Publication Year
2015
Authors
Kurt Thomas, Danny Huang, David Wang, Elie Bursztein, Chris Grier, Thomas J. Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, Giovanni Vigna
Abstract
Internet crime has become increasingly dependent on the underground economy: a
loose federation of specialists selling capabilities, services, and resources
explicitly tailored to the abuse ecosystem. Through these emerging markets, modern
criminal entrepreneurs piece together dozens of à la carte components into entirely
new criminal endeavors. From an abuse-fighting perspective, criminal reliance on
this black market introduces fragile dependencies that, if disrupted, undermine
entire operations that as a composite appear intractable to protect against.
However, without a clear framework for examining the costs and infrastructure
behind Internet crime, it becomes impossible to evaluate the effectiveness of novel
intervention strategies. In this paper, we survey a wealth of existing research in
order to systematize the community’s understanding of the underground economy. In
the process, we develop a taxonomy of profit centers and support centers for
reasoning about the flow of capital (and thus dependencies) within the black
market. Profit centers represent activities that transfer money from victims and
institutions into the underground. These activities range from selling products to
unwitting customers (in the case of spamvertised products) to outright theft from
victims (in the case of financial fraud). Support centers provide critical resources
that other miscreants request to streamline abuse. These include exploit kits,
compromised credentials, and even human services (e.g., manual CAPTCHA solvers)
that have no credible non-criminal applications. We use this framework to
contextualize the latest intervention strategies and their effectiveness. In the
end, we champion a drastic departure from solely focusing on protecting users and
systems (tantamount to a fire fight) and argue security practitioners must also
strategically disrupt frail underground relationships that underpin the entire
for-profit abuse ecosystem--including actors, infrastructure, and access to
capital.
