Welcome!

News Feed Item

First of Its Kind Economic Analysis of Cyber Black Market Reveals Unprecedented Global Maturity

New Juniper-Sponsored Research by RAND Corporation on Cyber Black Markets Finds a Mature Economy Mirroring the Innovation and Growth of a Free Market

SUNNYVALE, CA -- (Marketwired) -- 03/25/14 -- Juniper Networks (NYSE: JNPR), the industry leader in network innovation, finds the cyber black markets have a mature economy with characteristics akin to those of a thriving metropolitan city. A new global report, sponsored by Juniper Networks and conducted by the RAND Corporation, reveals several economic indicators that cyber black markets have reached unprecedented levels of maturity and growth.

While there has been significant research measuring different parts of the hacker black markets, RAND's report, "Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar," examines for the first time these markets in their entirety and applies economic analysis to better understand how they function. RAND found significant levels of economic sophistication, reliability, accessibility and resilience in the products, distribution channels and actors involved in the black markets.

RAND's report, confirmed by Juniper's vast experience in the network security ecosystem, suggests the cyber black markets are a mature and growing multi-billion-dollar economy with a robust infrastructure and social organization. RAND found these black markets, like any other economy, react to market forces like supply and demand, and continue to evolve.

News Highlights:
Juniper Networks likens the hacker black markets to a thriving metropolitan city with diverse communities, industries and interactions.

  • Storefronts - Like other forms of e-commerce, many data records, exploit kits and goods are bought and sold from storefronts -- which can encompass everything from instant messaging chat channels and forums to sophisticated stores. RAND found some organizations can reach 70 to 80,000 people, with a global footprint that brings in hundreds of millions of dollars.
  • Service Economy - RAND found that not only goods, but criminal services are available for purchase. These tools, sold on the black market as traditional software or leased like any other managed service, can help enable the most unskilled hackers to launch fairly elaborate and advanced attacks. For example, RAND found botnets, which can be used to launch a Distributed Denial of Service (DDoS) attack, are sold for as low as $50 for a 24-hour attack.
  • Hierarchal Society - Much like a legitimate business, RAND found it takes connections and relationships to move up the (cyber) food chain. Getting to the top requires personal connections and those at the top are making the lion's share of the money.
  • Rule of Law - There is indeed honor among thieves. RAND found many parts of the cyber black market are well structured, policed and have rules like a constitution. In addition, those who scam others are regularly banned or otherwise pushed off the market.
  • Education and Training - RAND identified widely available tools and resources on the black markets that teach criminals how to hack, including instructions for exploit kits and where to buy credit cards. This access to training has accelerated sophistication, a broader set of roles and has helped facilitate entry into the hacker economy.
  • Currencies - Transactions in the cyber black markets are often conducted by means of digital currencies. Bitcoin, Pecunix, AlertPay, PPcoin, Litecoin, Feathercoin, and Bitcoin extensions such as Zerocoin are a few. RAND found many criminal sites are starting to accept only digital crypto currencies due to their anonymity and security characteristics.
  • Diversity - While RAND found cybercriminals from China, Latin America and Eastern Europe are typically known for quantity in malware attacks, those from Russia tend to be thought of the leader in quality. RAND also found areas of expertise and focus among different countries. Many Vietnamese criminal groups, for example, mainly focus on e-commerce hacks. Cybercriminals from Russia, Romania, Lithuania and Ukraine focus on financial institutions. Many Chinese cybercriminals specialize in intellectual property. And U.S.-based cybercriminals primarily target U.S.-based financial systems. In addition to a diverse set of cybercriminals, RAND also found more cross-pollination between these groups than ever before.
  • Criminals - Even the criminal cyber black market has criminals. Known as "rippers," these specific bad guys do not provide the goods or services they claim.

The research report, "Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar," is based on in-depth interviews conducted by RAND between October and December 2013, with global experts who are currently or formerly involved in the market, including academics, security researchers, reporters, security vendors and law enforcement. It is the first of a series of reports from RAND that are sponsored by Juniper Networks.

Supporting Quotes:

"The security industry, government and legal communities must come together to establish new norms for how companies can more vigorously defend themselves against cyber-attacks. We must address the root cause behind the accelerated maturation of the cyber-crime market -- the very economics that drive its success. By disrupting the economics of hacking we can break the value chains that drive successful attacks. We must never lose the moral high ground, however, so we cannot go on the offensive and hack back, but we can no longer remain passive. By using forms of active defense such as intrusion deception we can identify, thwart and frustrate attackers. Active defense is a promising and exciting approach for addressing the rapidly evolving threat landscape."
- Nawaf Bitar, senior vice president and general manager, security business, Juniper Networks

Additional Resources

About Juniper Networks in Security
Juniper Networks builds secure and trusted networks with end-to-end security across every environment -- from the data center to campus and branch environments and to the device itself. Our security solutions give enterprise and service provider customers a competitive advantage as they set out to build the best networks on the planet.

About Juniper Networks
Juniper Networks (NYSE: JNPR) delivers innovation across routing, switching and security. From the network core down to consumer devices, Juniper Networks' innovations in software, silicon and systems transform the experience and economics of networking. Additional information can be found at Juniper Networks (www.juniper.net) or connect with Juniper on Twitter and Facebook.

Juniper Networks and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks and Junos logos are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Statements in this press release concerning Juniper Networks' prospects, future products and prospective benefits to customers are forward-looking statements that involve a number of uncertainties and risks. Actual results or events could differ materially from those anticipated in those forward-looking statements as a result of certain factors, including delays in scheduled product availability, the company's failure to accurately predict emerging technological trends, and other factors listed in Juniper Networks' most recent report on Form 10-K and 10-Q filed with the Securities and Exchange Commission. All statements made in this press release are made only as of the date of this press release. Juniper Networks undertakes no obligation to update the information in this release in the event facts or circumstances subsequently change after the date of this press release, except as required by applicable law. Any future product, feature, enhancement or related specification that may be referenced in this press release are for information purposes only, are subject to change at any time without notice and are not commitments to deliver any future product, feature, enhancement or related specification. The information contained in this press release is intended to outline Juniper Networks' general product direction and should not be relied on in making a purchasing decision.

Add to Digg Bookmark with del.icio.us Add to Newsvine

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
"A lot of times people will come to us and have a very diverse set of requirements or very customized need and we'll help them to implement it in a fashion that you can't just buy off of the shelf," explained Nick Rose, CTO of Enzu, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
WebRTC sits at the intersection between VoIP and the Web. As such, it poses some interesting challenges for those developing services on top of it, but also for those who need to test and monitor these services. In his session at WebRTC Summit, Tsahi Levent-Levi, co-founder of testRTC, reviewed the various challenges posed by WebRTC when it comes to testing and monitoring and on ways to overcome them.
Every successful software product evolves from an idea to an enterprise system. Notably, the same way is passed by the product owner's company. In his session at 20th Cloud Expo, Oleg Lola, CEO of MobiDev, will provide a generalized overview of the evolution of a software product, the product owner, the needs that arise at various stages of this process, and the value brought by a software development partner to the product owner as a response to these needs.
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive ad...
WebRTC services have already permeated corporate communications in the form of videoconferencing solutions. However, WebRTC has the potential of going beyond and catalyzing a new class of services providing more than calls with capabilities such as mass-scale real-time media broadcasting, enriched and augmented video, person-to-machine and machine-to-machine communications. In his session at @ThingsExpo, Luis Lopez, CEO of Kurento, introduced the technologies required for implementing these idea...
Enterprise networks are complex. Moreover, they were designed and deployed to meet a specific set of business requirements at a specific point in time. But, the adoption of cloud services, new business applications and intensifying security policies, among other factors, require IT organizations to continuously deploy configuration changes. Therefore, enterprises are looking for better ways to automate the management of their networks while still leveraging existing capabilities, optimizing perf...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...
The WebRTC Summit New York, to be held June 6-8, 2017, at the Javits Center in New York City, NY, announces that its Call for Papers is now open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 20th International Cloud Expo and @ThingsExpo. WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web co...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develop...
While not quite mainstream yet, WebRTC is starting to gain ground with Carriers, Enterprises and Independent Software Vendors (ISV’s) alike. WebRTC makes it easy for developers to add audio and video communications into their applications by using Web browsers as their platform. But like any market, every customer engagement has unique requirements, as well as constraints. And of course, one size does not fit all. In her session at WebRTC Summit, Dr. Natasha Tamaskar, Vice President, Head of C...
The idea behind this session is my blog post - 5 Logstash Alternatives - which is unfortunately too short to do the presented log shippers justice. In his session at @DevOpsSummit at 20th Cloud Expo, Radu Gheorghe, Software Engineer at Sematext Group, will talk more about the things that matter: kinds of buffers, protocols, ways of parsing, correlating and de-duplicating messages, as well as supported inputs and outputs. And of course performance. All this should let you know which log shipper...
"We are an all-flash array storage provider but our focus has been on VM-aware storage specifically for virtualized applications," stated Dhiraj Sehgal of Tintri in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Who are you? How do you introduce yourself? Do you use a name, or do you greet a friend by the last four digits of his social security number? Assuming you don’t, why are we content to associate our identity with 10 random digits assigned by our phone company? Identity is an issue that affects everyone, but as individuals we don’t spend a lot of time thinking about it. In his session at @ThingsExpo, Ben Klang, Founder & President of Mojo Lingo, discussed the impact of technology on identity. Sho...
SYS-CON Events announced today that Catchpoint Systems, Inc., a provider of innovative web and infrastructure monitoring solutions, has been named “Silver Sponsor” of SYS-CON's DevOps Summit at 18th Cloud Expo New York, which will take place June 7-9, 2016, at the Javits Center in New York City, NY. Catchpoint is a leading Digital Performance Analytics company that provides unparalleled insight into customer-critical services to help consistently deliver an amazing customer experience. Designed ...
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...