Privacy / Data Protection

An Economic Map of Cybercrime

Author(s): Chris Jay Hoofnagle
Year: 2009

Abstract: The rise of cybercrime in the last decade is an economic case of individuals responding to monetary and psychological incentives. Two main drivers for cybercrime can be identified: the potential gains from cyberattacks are increasing with the growth of importance of the Internet, and malefactors' expected costs (e.g., the penalties and the likelihood of being apprehended and prosecuted) are frequently lower compared with traditional crimes. In short, computer-mediated crimes are more convenient, and protable, and less expensive and risky than crimes not mediated by the Internet. The increase in cybercriminal activities, coupled with ineffective legislation and ineffective law enforcement pose critical challenges for maintaining the trust and security of our
computer infrastructures.

Modern computer attacks encompass a broad spectrum of economic activity, where various malfeasants specialize in developing specific goods (exploits, botnets, mailers) and services (distributing malware, monetizing stolen credentials, providing web hosting, etc.). A typical Internet fraud involves the actions of many of these individuals, such as malware writers, botnet herders, spammers, data brokers, and money launderers.

Assessing the relationships among various malfeasants is an essential piece of information for discussing economic, technical, and legal proposals to address cybercrime. This paper presents a framework for understanding the interactions between these individuals and how they operate. We follow three steps.

First, we present the general architecture of common computer attacks, and discuss the flow of goods and services that supports the underground economy. We discuss the general flow of resources between criminal groups and victims, and the interactions between different specialized cybercriminals.

Second, we describe the need to estimate the social costs of cybercrime and the profits of cybercriminals in order to identify optimal levels of protection. One of the main problems in quantifying the precise impact of cybercrime is that computer attacks are not always detected, or reported. Therefore we propose the need to develop a more systematic and transparent way of reporting computer breaches and their effects.

Finally, we propose some possible countermeasures against criminal activities. In particular, we analyze the role private and public protection, and the incentives of multiple stake holders.

Keywords: cybercrime, private, public, protection