Cybercrime Price List with Crime Economics

The question about underground prices is often coming up – often only for curiosity. However, this pricelist is extremely important if we try to understand at least the motivation and the business case of criminals. Let’s look at a simple business case for a criminal. On the upside we have two bullets:

  • Economical gain – the money they make with their services and the stolen data. Let’s call this GE
  • The psychological gain – the ability to be proud, brag about an attack etc. Let’s call the GP

On the cost-side, there are two items as well:

  • Direct cost of committing the crime – hardware, line, services they have to buy, the time they have to invest etc. Let’s call this CD
  • The cost if they are caught and punished. This is now not straightforward. It is a combination of the probability of being arrested (PA), the probability to being convicted (PC) and the actual cost of the penalty – whether it be a fine to pay of the sentence to be served (CP). Therefore, the overall cost on this side would be PA * PC * CP

If we would agree on these factors, to make a crime attractive, the overall equation would look like:

GE + GP > CD + PA*PC*CP

Let’s come back to the underground prices. They are interesting as you might want to understand where you have a lever to drive the cost up and what it costs directly purchase certain services.

Fortune published an article called A Hacker’s Tool Kit with a graph in, which is interesting to look at in this context:

click on the image to open it

So think along the lines of how to mess with the criminals business case!

This is a Security Bloggers Network syndicated blog post authored by Roger Halbheer. Read the original post at: Roger Halbheer on Security