Cybercrime is easier to carry out as more and more online criminal services (commodities) become available. TU Delft researcher Rolf van Wegberg investigated the extent and growth of this specific online underground economy.

The online availability of commodities on underground markets on the dark web, such as malicious software that can be used for digital blackmail and credit card fraud – can lead to criminals outsourcing a part of their activities and resources. This could make it easier to carry out criminal activities and would further promote the growth of cybercrime.

To map the volume and growth of this kind of online criminal services, Rolf van Wegberg and his colleagues investigated the offers and transactions of eight online underground marketplaces. This is the first time that such a large-scale analysis of the online cybercrime economy has been undertaken. The researchers presented their results at the USENIX Security conference (Baltimore, 15-17 August 2018).


Researchers are seeing a growing commoditisation of cybercrime. In this context, commoditisation is the offering of skills and services by specialised parties in the underground economy, which end users can buy ‘off the shelf’. "This makes it possible for cybercriminals to outsource certain activities, which lowers the threshold for them entering into cybercrime", says researcher Rolf van Wegberg. "Being able to buy a certain service means you don't need to understand how it works to get down to business. You can go to a ‘cybercrime IKEA’ as it were to buy the package of your choice and put it together yourself." 

Modest growth

"Together with colleagues from Carnegie Mellon University (CMU), we examined whether this commoditisation is growing at the rate which was feared. We examined six years of transaction data from eight online anonymous market places, from Silk Road to AlphaBay. Together these cover a major part of this market."

"We did in fact see indications for commoditisation of all kinds of products and services, but certainly not for all. Not everything is for sale; as a cybercriminal there is still a lot you have to do yourself. Moreover, the volume of trade is very limited, compared to the volume, for example, of the drugs trade on these markets. There is growth, but this growth is far more modest than we had anticipated. We estimate the total volume of cybercrime commodities on online anonymous market places between 2011 and 2017 to be around eight million dollars."


'Cash-out' services are the most frequently traded. The question behind every criminal business model is: how can you funnel your victim's money in a ‘responsible’ way? This is something every criminal entrepreneur needs to do, so it's only logical that the demand for this is high. It's all about go-betweens, money mules, bank accounts, Bitcoin exchange services and suchlike.

Van Wegberg: "For the moment, the problem of commoditisation seems less bad than we had feared. Yet this sort of detailed information makes it possible to tackle the problem far more efficiently, now and in the future."

Also B2C

"We also looked at another phenomenon. Because besides criminal providers who deal with other criminals (B2B), we are also finding a significant volume of retail cybercrime, in other words directly to the end consumer (B2C). This involves such things as hacked Netflix of Spotify accounts. We estimate the total volume of this form of cybercrime on online anonymous market places between 2011 and 2017 to be around seven million dollars." 

More information

Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets
Rolf van Wegberg, Samaneh Tajalizadehkhoob, Kyle Soska, Ugur Akyazi, Carlos Gañán, Bram Klievink, Nicolas Christin, en Michel van Eeten

Contact Rolf van Wegberg: <link en tpm about-the-faculty departments multi-actor-systems people phd-candidates rs-rolf-van-wegberg>

Science Information Officer TU Delft Roy Meijer, +31 6 14015008,