Cybercriminals don’t simply buy their technology off the shelf

The fear that cybercriminals can easily purchase the technical capabilities they need on underground marketplaces is unfounded. There are still many entry barriers for aspiring cybercriminals, is the conclusion of researcher Rolf van Wegberg. On Tuesday 27 October, he has been awarded his PhD at TU Delft for his work on the subject.

Off the shelf

Cybercrime is a growing issue that can take many forms, such as credit card fraud and online blackmail. Many experts warn of a trend in which cybercriminals are able to buy certain technical services and skills – for example, a technical solution for money laundering – ‘off the shelf’ on underground marketplaces. This is known as commoditisation. “It has been compared to a ‘cybercrime IKEA’, where you can go and buy or put together the product or service of your choice”, Rolf van Wegberg explains. “In theory, this phenomenon lowers the threshold for criminals to get into cybercrime.”

No rapid growth

As part of his PhD research, van Wegberg explored whether this commoditisation is truly becoming such an impactful phenomenon. He examined six years of transaction data from eight anonymous online marketplaces, from Silk Road to AlphaBay.

It appears that the problem is not as bad as was thought. “Our results show that commoditisation on anonymous online marketplaces is a less clear-cut phenomenon than was previously supposed. Not everything is for sale, and there is no evidence of rapid growth – and thus widespread commoditisation – in contrast to the dire warnings you encounter in reports from the security industry.” So there still seem to be considerable obstacles here for aspirational cybercriminals.

Professional operations

Van Wegberg also attempted to identify what kind of people might be offering such services. Generally speaking they are experienced professionals, with good business operations, product marketing, a refunds policy and customer support.

Insights such as these can prove very useful for investigative services (van Wegberg is already collaborating with the Fiscal Intelligence and Investigation Service (FIOD) on an academic research programme). “Police interventions are often aimed at disabling online platforms or professional services”, van Wegberg says. “The disadvantage of this for the police is that it does not lead to mass arrests or seizure of money, so to the outside world this approach seems to have little impact.

“However, it is an effective approach. For example, we investigated the effects of Operation Bayonet – in which the FBI and the Dutch police took over two prominent markets. Operation Bayonet proved to be a far-reaching and successful intervention. One of the consequences was that the service providers had to rebuild their reputation and customer base from scratch.”

Weakest link

Van Wegberg also points out that the police can focus on the weakest technical link in the criminal value chain. “We came to the insight that many different forms of cybercrime actually use similar technical resources, known as multitools. This means that tracing cybercrime can focus more on the form of the crime itself. In the eyes of the ordinary police officer, one form of cybercrime may not have much in common with another, while it is in fact wholly or in part dependent on identical technical resources. This insight should help police services to determine where an intervention can best be carried out.”