Click here to close now.



Welcome!

News Feed Item

First of Its Kind Economic Analysis of Cyber Black Market Reveals Unprecedented Global Maturity

New Juniper-Sponsored Research by RAND Corporation on Cyber Black Markets Finds a Mature Economy Mirroring the Innovation and Growth of a Free Market

SUNNYVALE, CA -- (Marketwired) -- 03/25/14 -- Juniper Networks (NYSE: JNPR), the industry leader in network innovation, finds the cyber black markets have a mature economy with characteristics akin to those of a thriving metropolitan city. A new global report, sponsored by Juniper Networks and conducted by the RAND Corporation, reveals several economic indicators that cyber black markets have reached unprecedented levels of maturity and growth.

While there has been significant research measuring different parts of the hacker black markets, RAND's report, "Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar," examines for the first time these markets in their entirety and applies economic analysis to better understand how they function. RAND found significant levels of economic sophistication, reliability, accessibility and resilience in the products, distribution channels and actors involved in the black markets.

RAND's report, confirmed by Juniper's vast experience in the network security ecosystem, suggests the cyber black markets are a mature and growing multi-billion-dollar economy with a robust infrastructure and social organization. RAND found these black markets, like any other economy, react to market forces like supply and demand, and continue to evolve.

News Highlights:
Juniper Networks likens the hacker black markets to a thriving metropolitan city with diverse communities, industries and interactions.

  • Storefronts - Like other forms of e-commerce, many data records, exploit kits and goods are bought and sold from storefronts -- which can encompass everything from instant messaging chat channels and forums to sophisticated stores. RAND found some organizations can reach 70 to 80,000 people, with a global footprint that brings in hundreds of millions of dollars.
  • Service Economy - RAND found that not only goods, but criminal services are available for purchase. These tools, sold on the black market as traditional software or leased like any other managed service, can help enable the most unskilled hackers to launch fairly elaborate and advanced attacks. For example, RAND found botnets, which can be used to launch a Distributed Denial of Service (DDoS) attack, are sold for as low as $50 for a 24-hour attack.
  • Hierarchal Society - Much like a legitimate business, RAND found it takes connections and relationships to move up the (cyber) food chain. Getting to the top requires personal connections and those at the top are making the lion's share of the money.
  • Rule of Law - There is indeed honor among thieves. RAND found many parts of the cyber black market are well structured, policed and have rules like a constitution. In addition, those who scam others are regularly banned or otherwise pushed off the market.
  • Education and Training - RAND identified widely available tools and resources on the black markets that teach criminals how to hack, including instructions for exploit kits and where to buy credit cards. This access to training has accelerated sophistication, a broader set of roles and has helped facilitate entry into the hacker economy.
  • Currencies - Transactions in the cyber black markets are often conducted by means of digital currencies. Bitcoin, Pecunix, AlertPay, PPcoin, Litecoin, Feathercoin, and Bitcoin extensions such as Zerocoin are a few. RAND found many criminal sites are starting to accept only digital crypto currencies due to their anonymity and security characteristics.
  • Diversity - While RAND found cybercriminals from China, Latin America and Eastern Europe are typically known for quantity in malware attacks, those from Russia tend to be thought of the leader in quality. RAND also found areas of expertise and focus among different countries. Many Vietnamese criminal groups, for example, mainly focus on e-commerce hacks. Cybercriminals from Russia, Romania, Lithuania and Ukraine focus on financial institutions. Many Chinese cybercriminals specialize in intellectual property. And U.S.-based cybercriminals primarily target U.S.-based financial systems. In addition to a diverse set of cybercriminals, RAND also found more cross-pollination between these groups than ever before.
  • Criminals - Even the criminal cyber black market has criminals. Known as "rippers," these specific bad guys do not provide the goods or services they claim.

The research report, "Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar," is based on in-depth interviews conducted by RAND between October and December 2013, with global experts who are currently or formerly involved in the market, including academics, security researchers, reporters, security vendors and law enforcement. It is the first of a series of reports from RAND that are sponsored by Juniper Networks.

Supporting Quotes:

"The security industry, government and legal communities must come together to establish new norms for how companies can more vigorously defend themselves against cyber-attacks. We must address the root cause behind the accelerated maturation of the cyber-crime market -- the very economics that drive its success. By disrupting the economics of hacking we can break the value chains that drive successful attacks. We must never lose the moral high ground, however, so we cannot go on the offensive and hack back, but we can no longer remain passive. By using forms of active defense such as intrusion deception we can identify, thwart and frustrate attackers. Active defense is a promising and exciting approach for addressing the rapidly evolving threat landscape."
- Nawaf Bitar, senior vice president and general manager, security business, Juniper Networks

Additional Resources

About Juniper Networks in Security
Juniper Networks builds secure and trusted networks with end-to-end security across every environment -- from the data center to campus and branch environments and to the device itself. Our security solutions give enterprise and service provider customers a competitive advantage as they set out to build the best networks on the planet.

About Juniper Networks
Juniper Networks (NYSE: JNPR) delivers innovation across routing, switching and security. From the network core down to consumer devices, Juniper Networks' innovations in software, silicon and systems transform the experience and economics of networking. Additional information can be found at Juniper Networks (www.juniper.net) or connect with Juniper on Twitter and Facebook.

Juniper Networks and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks and Junos logos are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Statements in this press release concerning Juniper Networks' prospects, future products and prospective benefits to customers are forward-looking statements that involve a number of uncertainties and risks. Actual results or events could differ materially from those anticipated in those forward-looking statements as a result of certain factors, including delays in scheduled product availability, the company's failure to accurately predict emerging technological trends, and other factors listed in Juniper Networks' most recent report on Form 10-K and 10-Q filed with the Securities and Exchange Commission. All statements made in this press release are made only as of the date of this press release. Juniper Networks undertakes no obligation to update the information in this release in the event facts or circumstances subsequently change after the date of this press release, except as required by applicable law. Any future product, feature, enhancement or related specification that may be referenced in this press release are for information purposes only, are subject to change at any time without notice and are not commitments to deliver any future product, feature, enhancement or related specification. The information contained in this press release is intended to outline Juniper Networks' general product direction and should not be relied on in making a purchasing decision.

Add to Digg Bookmark with del.icio.us Add to Newsvine

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
As enterprises work to take advantage of Big Data technologies, they frequently become distracted by product-level decisions. In most new Big Data builds this approach is completely counter-productive: it presupposes tools that may not be a fit for development teams, forces IT to take on the burden of evaluating and maintaining unfamiliar technology, and represents a major up-front expense. In his session at @BigDataExpo at @ThingsExpo, Andrew Warfield, CTO and Co-Founder of Coho Data, will dis...
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry's single source for the cloud. Fusion's advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including clou...
As someone who has been dedicated to automation and Application Release Automation (ARA) technology for almost six years now, one of the most common questions I get asked regards Platform-as-a-Service (PaaS). Specifically, people want to know whether release automation is still needed when a PaaS is in place, and why. Isn't that what a PaaS provides? A solution to the deployment and runtime challenges of an application? Why would anyone using a PaaS then need an automation engine with workflow ...
With the Apple Watch making its way onto wrists all over the world, it’s only a matter of time before it becomes a staple in the workplace. In fact, Forrester reported that 68 percent of technology and business decision-makers characterize wearables as a top priority for 2015. Recognizing their business value early on, FinancialForce.com was the first to bring ERP to wearables, helping streamline communication across front and back office functions. In his session at @ThingsExpo, Kevin Roberts...
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management...
Your business relies on your applications and your employees to stay in business. Whether you develop apps or manage business critical apps that help fuel your business, what happens when users experience sluggish performance? You and all technical teams across the organization – application, network, operations, among others, as well as, those outside the organization, like ISPs and third-party providers – are called in to solve the problem.
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic, Inc., provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Ful...
@DevOpsSummit taking place June 7-9, 2016 at Javits Center, New York City, and Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 18th International @CloudExpo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @DevOpsSummit at Cloud Expo New York Call for Papers is now open.
SYS-CON Events announced today that VAI, a leading ERP software provider, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. VAI (Vormittag Associates, Inc.) is a leading independent mid-market ERP software developer renowned for its flexible solutions and ability to automate critical business functions for the distribution, manufacturing, specialty retail and service sectors. An IBM Premier Business Part...
SYS-CON Events announced today that Catchpoint Systems, Inc., a provider of innovative web and infrastructure monitoring solutions, has been named “Silver Sponsor” of SYS-CON's DevOps Summit at 18th Cloud Expo New York, which will take place June 7-9, 2016, at the Javits Center in New York City, NY. Catchpoint is a leading Digital Performance Analytics company that provides unparalleled insight into customer-critical services to help consistently deliver an amazing customer experience. Designed...
Let’s face it, embracing new storage technologies, capabilities and upgrading to new hardware often adds complexity and increases costs. In his session at 18th Cloud Expo, Seth Oxenhorn, Vice President of Business Development & Alliances at FalconStor, will discuss how a truly heterogeneous software-defined storage approach can add value to legacy platforms and heterogeneous environments. The result reduces complexity, significantly lowers cost, and provides IT organizations with improved effi...
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies adopt disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advanced analytics, and DevO...
SYS-CON Events announced today that Men & Mice, the leading global provider of DNS, DHCP and IP address management overlay solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. The Men & Mice Suite overlay solution is already known for its powerful application in heterogeneous operating environments, enabling enterprises to scale without fuss. Building on a solid range of diverse platform support,...
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
One of the bewildering things about DevOps is integrating the massive toolchain including the dozens of new tools that seem to crop up every year. Part of DevOps is Continuous Delivery and having a complex toolchain can add additional integration and setup to your developer environment. In his session at @DevOpsSummit at 18th Cloud Expo, Miko Matsumura, Chief Marketing Officer of Gradle Inc., will discuss which tools to use in a developer stack, how to provision the toolchain to minimize onboa...