Framing Dependencies Introduced by Underground Commoditization

Danny Huang
David Wang
Chris Grier
Thomas J. Holt
Christopher Kruegel
Damon McCoy
Stefan Savage
Giovanni Vigna
Workshop on the Economics of Information Security (2015)
Google Scholar

Abstract

Internet crime has become increasingly dependent on the underground economy: a loose federation of specialists selling capabilities, services, and resources explicitly tailored to the abuse ecosystem. Through these emerging markets, modern criminal entrepreneurs piece together dozens of à la carte components into entirely new criminal endeavors. From an abuse fighting perspective, criminal reliance on this black market introduces fragile dependencies that, if disrupted, undermine entire operations that as a composite appear intractable to protect against. However, without a clear framework for examining the costs and infrastructure behind Internet crime, it becomes impossible to evaluate the effectiveness of novel intervention strategies.

In this paper, we survey a wealth of existing research in order to systematize the community’s understanding of the underground economy. In the process, we develop a taxonomy of profit centers and support centers for reasoning about the flow of capital (and thus dependencies) within the black market. Profit centers represent activities that transfer money from victims and institutions into the underground. These activities range from selling products to unwitting customers (in the case of spamvertised products) to outright theft from victims (in case of financial fraud). Support centers provide critical resources that other miscreants request to streamline abuse. These include exploit kits, compromised credentials, and even human services (e.g., manual CAPTCHA solvers) that have no credible non-criminal applications. We use this framework to contextualize the latest intervention strategies and their effectiveness. In the end, we champion a drastic departure from solely focusing on protecting users and systems (tantamount to a fire fight) and argue security practitioners must also strategically disrupt frail underground relationships that underpin the entire for-profit abuse ecosystem--including actors, infrastructure, and access to capital.