Blackhatnomics ™
Whenever I present publicly and discuss the underground I am without exception asked at some point about the realities associated with the economics which perpetuate its (the underground's) growth. Often I pause and consider where to begin. Do I start with a clever anecdote? Maybe a well-thought-out analogy? Should I cite statistics or estimations referenced by industry pundits and ne'er-do-wells alike, or establish a more basic, yet potentially impactful connection with the party asking the question by answering in a thoughtful, candid manner? For better or worse I tend to structure my answers to the environment and my surroundings. Like Dr. Sheldon Cooper, my existence is a continuum – I remain what I am at each point within the appointed time period and see no reason to deviate from a system which works. So I pause when asked and begin the descent into my answer, a descent which I have come to refer to as Blackhatnomics ™.
Blackhatnomics ™ is an important concept, one which I have been formulating for some time. Quite simply, as economics is the social science that analyzes the production, distribution, and consumption of goods and services, Blackhatnomics ™ is the social science that analyzes the emergence, production, distribution, sales, and consumption of goods and services associated with criminal actors in cyber space. At the end of the day, this involves monetization of goods, services and in some cases simple access to parties or systems which can provide said goods and/or services within the cyber underworld. In many cases these initial lines of questioning lead to more sophisticated, voluminous bodies of questions. Many times I am quietly surprised and driven to take note of the expressions which manifest on the faces of those present to the conversations. I am particularly interested in the level of intrigue they display as I discuss the realities of economic evolution taking place within the underground, particularly that which involves the assemblage of true predatory entities which have entered the space, changing the demographic for the foreseeable future.
I’ll introduce terms and concepts such as market analysis, total addressable market (TAM), cost of goods sold, competitive analysis and market leadership. To those fluent in the business world many of these terms are routine; pedestrian even. To those studying cyberspace and the criminal elements which populate its underground, they take on an altogether new and interesting connotation. Oftentimes I’ll speak about the costs associated with a point of entry in local and global geo-theaters. Many times this will lead to lines of questioning involving the realities of monetization of underground products and services, go-to-market models and strategy and of course revenue potential as it relates to geo-theater, goods or services sold and in ready supply in addition to the demand for such goods or services. I’ll provide statistics (I like statistics and empirical evidence), suggesting the rate at which consumer markets within the underground are growing while suggesting that consumers are ready; poised and empowered, shopping for the latest and greatest products, services or turnkey solutions in the underground just as they are in the traditional economic ecosystems. Crimeware-as-a-Service (CaaS) is big business. There is simply no denying this provided one takes the time to conduct the deep research required to familiarize oneself with these realities. In fact, researchers the world over recognize and know that these markets suggest naturally evolving patterns of competition, growth, evolution and innovation in addition to other behaviors such as direct and mass marketing against one’s competition. At this point the skepticism either subsides completely or appears more swiftly than flies to a barbeque. Reality is often hard to accept and at times simply unbelievable. It is at these times that I find the infusion of irrefutable facts to be most beneficial in dismissing doubts while providing a pragmatic approach to the topic.
In its Annual 2009 report on cyber crime, the Internet Crime Complaint Center (IC3) stated that the total figure for loss, based on all referred cases received and studied by their team, was approximately $559.7 Million (United States Dollars). The figure suggests that the IC3 saw an increase in loss of $295.1 Million (United States Dollars), an increase of more than two times of that which was studied in their Annual 2008 report. Data points such as these and others clearly demonstrate the emergence of patterns that cannot be disregarded. Statistics such as this should aid in subsiding any doubts or suspicions that criminal activity associated with the cyber realm is both a reality and a key staple of modern criminal organizations. From an analytic perspective it is extremely difficult to ignore these trends and contributing factors. Consider the impact of globalization on these sub-economic markets, the growth rates associated with supply and demand, and the total addressable market; grasp the growth and desire to capitalize on these trends.
Technological maturity has advanced and, as mentioned earlier, can be seen in everything from malicious code and content accompanied by well-documented user guides and manuals to advanced support contracts and money-back guarantees. Competition and the natural characteristics of economics, as Adam Smith commented in “The Wealth of Nations”, depict the invisible hand of the market at work in the murky depths of the Internet and Wall Street. These advancements have enabled and allowed for innovation in attack sophistication and discrimination of targets. This is evidenced by the failure of certain key technologies utilized globally for the mitigation of threats and minimization of risk, as these campaigns mature, evolve, adapt and promote themselves. New and advanced malicious code and content has emerged that often requires little, if any, interaction with their targets’ users. Some, however, cleverly target their victims under the guise of legitimate communications such as those associated with recent PDF vulnerabilities. Hapless users innocently click on PDFs containing malicious payloads (effectively plug-n-play (PNP) malware) and embark on a journey of pwnage. These attacks and others such as those related to obfuscated JavaScript, Fake A/V and Anti-Malware tools and corrupted executables have all come into prominence and are easily created and packaged utilizing simple tools, subscriptions, or other customized services.
In summary, I believe that the following can and ought to be at the forefront of our analysis today, as well as in the future, as there is nothing to suggest that these trends will slow or subside.
· Globalization – Supply and demand; the total addressable market is large, growing and full of parties ready to supply the demands being brought to market by others
· Quality of Product & Services – It’s no secret that the quality of both products and services has improved and continues to do so
· Professionalism – It’s a brave new world filled with young Turks looking to make not only their mark but a living; this is something (profitability) that remains at the forefront of all illicit activity
· Risk / reward ratio – Re-evaluation of business models, lines of business, and operations within the underworld can be noted with the advent of organized crime’s rise and interest in the cyber realm
· Weak or unclear legislation – Localized and international policy and legislation is weak to say the very least. Until this becomes non-marginalized, it will be incumbent upon individuals and organizations to take action
· Qualification and articulation – Inability of private citizens, organizations and industry professionals
· Interconnectivity – Mass availability of broadband technologies (fixed and mobile)
