Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the Underground Economy

Conference paper


The underground economy has attracted a lot of attention recently as a key component of cybercrime. In particular the IRC markets for stolen identities, phishing kits, botnets, and cybercrime related services have been extensively studied. It is suggested that sophisticated underground markets show great specialization and maturity. There are complex divisions of labor and service offerings for every need. Stolen credentials are traded in bulk for pennies on the dollar. It is suggested that large sums move on these markets.

We argue that this makes very little sense. Using basic arguments from economics we show that the IRC markets studied represent classic examples of lemon markets. The ever-present rippers who cheat other participants ensure that the market cannot operate effectively. Their presence represents a tax on every transaction conducted in the market. Those who form gangs and alliances avoid this tax, enjoy a lower cost basis and higher profit. This suggests a two tier underground economy where organization is the route to profit. The IRC markets appear to be the lower tier, and are occupied by those without skills or alliances, newcomers, and those who seek to cheat them. The goods offered for sale there are those that are easy to acquire, but hard to monetize. We find that estimates of the size of the IRC markets are greatly exaggerated. Finally, we find that defenders recruit their own opponents by publicizing exaggerated estimates of the rewards of cybercrime. Those so recruited inhabit the lower tier; they produce very little profit, but contribute greatly to the externalities of cybercrime.


Credit Card Reputation System Underground Economy Lower Tier Quality Uncertainty 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Acquisti, A., Grossklags, J.: Uncertainty, ambiguity and privacy. In: Proceedings of the Fourth Workshop on the Economics of Information Security (WEIS). Cambridge, MA (2005)Google Scholar
  2. 2.
    Akerlof, G.A.: The market for ‘lemons’: Quality uncertainty and the market mechanism. Quarterly Journal of Economics 84(3), 488–500 (1970)Google Scholar
  3. 3.
    Anderson, R.:Why information security is hard – an economic perspective. In: Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC), pp. 358–365. (2001)Google Scholar
  4. 4.
    Anderson, R.,Moore, T.: The economics of information security. Science 314(5799), 610–613 (2006)Google Scholar
  5. 5.
    Berton, P.: Klondike: The Last Great Gold Rush, 1896-1899. Mcclelland and Stewart (1972)Google Scholar
  6. 6.
    Brady, H.: The EU and the fight against organised crime (2007). uk/pdf/wp721_org_crime_brady.pdfGoogle Scholar
  7. 7.
    Coase, R.H.: The nature of the firm. Economica 4(16), 386–405 (1937)Google Scholar
  8. 8.
    Cova,M., Kruegel, C., Vigna, G.: There is no free phish: an analysis of “free” and live phishihg kits. In: Proceedings of WOOT. USENIX Association, Berkeley (2008)Google Scholar
  9. 9.
    Dhanjani, N., Rios, B.: Bad Sushi: Beating Phishers at their Own Game. Blackhat, 2008.Google Scholar
  10. 10.
    Federal Trade Commission: Identity theft survey report (2007). 11/SynovateFinalReportIDTheft2006.pdfGoogle Scholar
  11. 11.
    Ford, R., Gordon, S.: Cent, five cent, ten cent, dollar: Hitting spyware where it teally hurt$. In: Proceedings of the New Security Paradigms Workshop (NSPW), pp. 3–10. ACM Press, New York (2006)Google Scholar
  12. 12.
    Franklin, J., Paxson, V., Perrig, A., Savage, S.: An inquiry into the nature and causes of the wealth of Internet miscreants. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS), pp. 375–388. ACM Press, New York (2007)Google Scholar
  13. 13.
    Fultz, N., Grossklags, J.: Blue versus red: Toward a model of distributed security attacks. In: R. Dingledine, P. Golle (eds.) 13th International Conference on Financial Cryptography and Data Security, LNCS, vol. 5628, pp. 167–183. Springer, Berlin Heidelberg (2009)Google Scholar
  14. 14.
    Geer, D., Conway, D.: The /0wned price index. IEEE Security & Privacy 7(1), 86–87 (2009)Google Scholar
  15. 15.
    Geer, D., Conway, D.: What we got for Christmas. IEEE Security & Privacy 6(1), 88 (2008)Google Scholar
  16. 16.
    Gordon, H.S.: The economic theory of a common-property resource: the fishery. The Journal of Political Economy 62(2), 124–142 (1954)Google Scholar
  17. 17.
    Grigg, I.: The market for silver bullets (2008). Scholar
  18. 18.
    Hardin, G.: The tragedy of the commons. Science 162(3859), 1243–1248 (1968)Google Scholar
  19. 19.
    Herley, C., Florêncio, D.: A profitless endeavor: phishing as tragedy of the commons. In: Proceedings of the New Security ParadigmsWorkshop (NSPW), pp. 59–70. ACM Press, New York (2008)Google Scholar
  20. 20.
    Holz, T., Engelberth, M., Freiling, F.: earning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones. Reihe Informatik. TR-2008-006 (2008). http: // Scholar
  21. 21.
    John, J.P.,Moshchuk, A., Gribble, S.D., Krishnamurthy, A.: Studying spamming botnets using Botlab. In: Proceedings of NSDI. USENIX Association, Berkeley (2009)Google Scholar
  22. 22.
    Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G.M., Paxson, V., Savage, S.: Spamalytics: An empirical analysis of spam marketing conversion. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pages 3–14. ACM Press, New York (2008)Google Scholar
  23. 23.
    Levitt, S.D., Venkatesh, S.A.: An economic analysis of a drug-selling gang’s finances. Quarterly Journal of Economics 115(3), 755–789 (2000)Google Scholar
  24. 24.
    Li, Z., Liao, Q., Striegel, A.: Botnet economics: Uncertainty matters. In: M.E. Johnson (ed.) Managing Information Risk and the Economics of Security, pp. 245–267. Springer, New York (2008)Google Scholar
  25. 25.
    Mankiw, N.G.: Principles of Economics. South-Western College Publishers (2007)Google Scholar
  26. 26.
    Moore, T., Clayton, R.: Examining the impact of website take-down on phishing. In: Proceedings of the 2nd APWG eCrime Researchers Summit, pp. 1–13. ACM Press, New York (2007)Google Scholar
  27. 27.
    Ozment, A., Schechter, S.: Milk or wine: does software security improve with age? In: Proceedings of the 15th USENIX Security Symposium, article no. 7. USENIX Association, Berkeley (2006)Google Scholar
  28. 28.
    Smith, A.: An Inquiry into the Nature and Causes of theWealth of Nations.W. Strahan and T. Cadell (1776)Google Scholar
  29. 29.
    Symantec: Symantec Internet Security Threat Report XIII (2008). http://eval. internet_security_threat_report_xiii_04-2008.en-us.pdfGoogle Scholar
  30. 30.
    Symantec: Symantec Report on the Underground Economy XII (2009). http://eval. internet_security_threat_report_xii_09_2007.en-us.pdf.Google Scholar
  31. 31.
    Thomas, R., Martin, J.: The underground economy: Priceless. USENIX ;login 31(6), 7–16 (2006)Google Scholar
  32. 32.
    Zhuge, Z., Holz, T., Song, C., Guo, J., Han, X., Zou, W.: Studying malicious websites and the underground economy on the Chinese web. In: M.E. Johnson (ed.) Managing Information Risk and the Economics of Security, pp. 225–244. Springer, New York (2008)Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. 1.Microsoft ResearchRedmondUSA

Personalised recommendations