Academic
Publications
Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the UndergroundEconomy

Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the UndergroundEconomy,10.1007/978-1-4419-6967-5_3,Cormac Herley,Dinei Florênci

Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the UndergroundEconomy   (Citations: 5)
BibTex | RIS | RefWorks Download
The underground economy has attracted a lot of attention recently as a key component of cybercrime. In particular the IRC markets for stolen identities, phishing kits, botnets, and cybercrime related services have been extensively studied. It is suggested that sophisticated underground markets show great specialization and maturity. There are complex divisions of labor and service offerings for every need. Stolen credentials are traded in bulk for pennies on the dollar. It is suggested that large sums move on these markets. We argue that this makes very little sense. Using basic arguments from economics we show that the IRC markets studied represent classic examples of lemon markets. The ever-present rippers who cheat other participants ensure that the market cannot operate effectively. Their presence represents a tax on every transaction conducted in the market. Those who form gangs and alliances avoid this tax, enjoy a lower cost basis and higher profit. This suggests a two tier underground economy where organization is the route to profit. The IRC markets appear to be the lower tier, and are occupied by those without skills or alliances, newcomers, and those who seek to cheat them. The goods offered for sale there are those that are easy to acquire, but hard to monetize. We find that estimates of the size of the IRC markets are greatly exaggerated. Finally, we find that defenders recruit their own opponents by publicizing exaggerated estimates of the rewards of cybercrime. Those so recruited inhabit the lower tier; they produce very little profit, but contribute greatly to the externalities of cybercrime.
Published in 2010.
Cumulative Annual
View Publication
The following links allow you to view full publications. These links are maintained by other sources not affiliated with Microsoft Academic Search.
    • ...Although the money volume may be questioned [4], the activity is real...
    • ...In fact our own research has long concentrated in the several aspects of phishing, from prevention [13], [14], [15], to economic analysis [16], [4], to statistics and indirect implications [17], [18]...
    • ...In a previous study [4], we analyze the underground markets, and offer an explanation for why stolen credentials sell for pennies on the dollar...
    • ...Since numerous accounts indicate that credentials sell for only 5% or so of face value [3], [2], [4] there are clearly factors reducing the overall return...

    D. Florêncioet al. Phishing and money mules

    • ...Puzzle 2: Oered Prices, Not Transactions . A second puzzle is that the data collected are generally of prices oered, not of prices actually paid, which has led some researchers to question its relevance [15]...
    • ...Herley and Forencio argue that the prevalence of \rippers," participants in the market who cheat others by oering fradulent or lowquality goods, imposes a \tax" that drives down the price others are willing to pay [15]...
    • ...For example, Herley and Florencio note that giving up the password to a compromised account to allow checking that it has the amount of money advertised also gives someone the ability to clean out the account entirely [15]...
    • ...On the other hand, the markets easily discovered by the public may represent only the tip of the iceberg, while the high skill criminals trade elsewhere [15]...

    David Molnaret al. This is your data on drugs: lessons computer security can learn from t...

    • ...Interestingly, Herley and Florencio recently published work [4] that claims that the underground economy trading places are classic examples of lemon markets [5], i.e...

    Hanno Fallmannet al. Covertly Probing Underground Economy Marketplaces

    • ...Recently the distribution of spam via the botnets, vast armies of remotely controlled zombie-PCs has dramatically increased (Herley & Florencio 2008)...

    Natascha Chroboket al. Advantages and vulnerabilities of pull-based email-delivery

Sort by: