Slides Here: /redirect?v=GP61zSYpqdc&event=video_description&redir_token=Df0u4ysGAnf6vdUNXvPKobH76yR8MTUzNzM5NjcxN0AxNTM3MzEwMzE3&q=https%3A%2F%2Fdefcon.org%2Fimages%2Fdefcon-22%2Fdc-22-presentations%2FHolt-Smirnova-Chua%2FDEFCON-22-Holt-Smirnova-Chua-Stolen-Data-Markets-Updated.pdf
Stolen Data Markets: An Economic and Organizational Assessment
Tom Holt ASSOCIATE PROFESSOR, MICHIGAN STATE UNIVERSITY
Olga Smirnova ASSISTANT PROFESSOR, EASTERN CAROLINA UNIVERSITY
Yi-Ting Chua MICHIGAN STATE UNIVERSITY
Since the TJX corporation revealed a massive data breach in 2007, incidents of mass data compromise have grabbed media attention. The substantial loss of customer data and resulting fraud have seemingly become more common, including the announcement of the Target and Neiman Marcus compromises in 2013. As a result, the social and technical sciences are increasingly examining the market for data resale which is driven in part by these data breaches. This research is increasingly driven by assessments of web forum-based markets with varying depth of content and representativeness. As a result, there is a great deal of speculation about the profit margins and economy for stolen data. Researchers rarely provide metrics for the cost of various products, and some argue that the type of forum analyzed may provide inaccurate data on the costs of information. In fact, Herley and Florencio argue that open forums are largely a lemon market, where advertised costs are low but the risk of loss is quite high. Similarly, there is limited research considering the organizational structure of actors in the marketplace. Some in the media use the terms gangs or mafias to refer to the thieves and data sellers who acquire information, but this may not accurate reflect the realities of the relationships between buyers, sellers, moderators, and others who facilitate transactions.
This presentation will explore the economy and organizational composition of stolen data markets through qualitative and quantitative analyses of a sample of threads from 13 Russian and English language forums involved in the sale of stolen data. We present estimates for the costs of various forms of data, and examine the relationship between various social and market conditions and the advertised price for dumps and other financial data. The findings support the argument that higher risk conditions within a forum are associated with lower prices for data, while more legitimate and organized markets have higher prices. In addition, the organizational composition of the market are explored using a qualitative analysis which finds that the markets are primarily collegial in nature at the individual level, enabling individuals to work together in order to facilitate transactions. There is also a distinct division of labor between participants on the basis of the products sold and skill sets available and some evidence of long-term market stability on the basis of managerial structures and time in operation. Finally, quantitative social network analysis techniques are applied to this sample of forums to assess network density, user centrality, and the resiliency of the network structures observed. The policy implications of this study for consumers, law enforcement, and security analysts will be discussed in depth to provide improved mechanisms for the disruption and takedown of stolen data markets globally.