Researchers investigate "internet black markets"

 

Gallery

By Matthew Sparkes

Posted on 17 Oct 2007 at 15:48

Carnegie Mellon researchers have identified a number of "internet black markets", where attackers sell viruses and stolen data to the highest bidder.

The researchers monitored the underground markets for more than seven months, and developed automated techniques to catalogue the activities of criminals who profit from spam, viruses and identity theft.

"These troublesome entrepreneurs even offer tech support and free updates for their malicious creations that run the gamut from denial of service attacks designed to overwhelm websites and servers to data stealing Trojan viruses," says Adrian Perrig, an associate professor of electrical and computer engineering at Carnegie Mellon University.

According to the team, a buyer will typically contact the black market vendor privately using email, or private instant message. Money then generally changes hands through non-bank payment services such as e-gold, making the criminals difficult to track.

In total the team says that 80,000 credit card numbers were offered for sale online in the seven month experiment, and estimates that the total value of illegal materials on offer in that same period was more than $37 million.

Intriguingly, the team suggest that the best way to deal with these black markets might be to undermine the seller's reputation, making buyers unsure of who to trust.

"Just like you need to verify that individuals are honest on Ebay, online criminals need to verify that they are dealing with 'honest' criminals," says Jason Franklin, a Carnegie Mellon researcher.

"By eliminating the verified status of the honest individuals, an attacker establishes a lemon market where buyers are unable to distinguish the quality of the goods or services."

One technique for doing this suggested by the team involves posing as a seller, but then not providing the service once payment has been made. By doing this, the researchers believe that the reputation of the market as a whole can be undermined.

"Such behaviour is known as 'ripping.' And it is the goal of all black market site's verification systems to minimise such behaviour," says Franklin.