The question about underground prices is often coming up – often only for curiosity. However, this pricelist is extremely important if we try to understand at least the motivation and the business case of criminals. Let’s look at a simple business case for a criminal. On the upside we have two bullets:
- Economical gain – the money they make with their services and the stolen data. Let’s call this GE
- The psychological gain – the ability to be proud, brag about an attack etc. Let’s call the GP
On the cost-side, there are two items as well:
- Direct cost of committing the crime – hardware, line, services they have to buy, the time they have to invest etc. Let’s call this CD
- The cost if they are caught and punished. This is now not straightforward. It is a combination of the probability of being arrested (PA), the probability to being convicted (PC) and the actual cost of the penalty – whether it be a fine to pay of the sentence to be served (CP). Therefore, the overall cost on this side would be PA * PC * CP
If we would agree on these factors, to make a crime attractive, the overall equation would look like:
GE + GP > CD + PA*PC*CP
Let’s come back to the underground prices. They are interesting as you might want to understand where you have a lever to drive the cost up and what it costs directly purchase certain services.
Fortune published an article called A Hacker’s Tool Kit with a graph in, which is interesting to look at in this context:
click on the image to open it
So think along the lines of how to mess with the criminals business case!
- To Crowdsource Crime-Fighting, A Cop Camera Giant Eyes Your Videos (fastcompany.com)
- Leaked emails show International Criminal Court tried to get help from Angelina Jolie and George Clooney (businessinsider.com)
*** This is a Security Bloggers Network syndicated blog from Roger Halbheer on Security authored by Roger Halbheer. Read the original post at: https://www.halbheer.ch/security/2017/10/26/cybercrime-price-list/