The dark web is not what people think it is. At least, it is not just what people think it is. The dark web is not merely home to dissidents, free thinkers, extremists, drug dealers, and the occasional arms dealer—it is also a resilient, adaptive economy where data is the commodity of choice.
Terbium’s new report, Shady Business: Commoditization of Data in the Dark Web Economy, examines the underground data trade, investigates the shady business side of dark web operations, and challenges existing ideas about data valuation. The dark web plays host to some of the most enterprising and lucrative criminal networks in the world, a flea market flush with personal and financial data. The point at which a market is structured means the market becomes more stable - goods and services take on set prices, buyers know where to find sellers, and both sides have a clear sense of what makes up a successful transaction.
Challenging ideas about data valuation requires accepting that existing information classification systems and concepts of loss do not match up with the way the fraudsters are thinking about data. As businesses adopt a data security model, they evaluate their existing assets and classify them into familiar categories: public, private, sensitive, proprietary, restricted. Fraudsters, it turns out, have their own classifications—and they don’t match up.
Cyber criminals value data based on their ability to exploit that data: its perceived profit, potential for monetization, and utility to plug into existing models. The dark web experiences regular deluges of data dumps, and the prices that data commands does not match up to the data types most valued by organizations. In this new report, we explore how valuation models manifest on the dark web - which data types are most valuable, why, and what steps organizations can take to address this change in classification.
Right now, fraud is a reactive problem. When fraud occurs, organizations work to interrupt, identify, and investigate the fraud, whether to make things right for a customer or to identify gaps in internal controls. Even for financial institutions, which anticipate a certain amount of fraud in the course of normal operations, fraud is still being prevented or prosecuted at the end of the lifecycle—well after the fraud is being committed.
In this report, we propose an alternative view of the fraud lifecycle: what can we learn if we think of fraud on the dark web as a supply chain? Leaning on this interpretation of the flow of goods and services on the dark web, we can instead identify the lifecycle in economic terms: manufacturing, production, and distribution. What if we could get to the point of disrupting fraud earlier in the supply chain—what if we could block a distribution center, rather than issue a product recall? What would that mean for our existing models, and for the future of fraud detection?
This report presents an opportunity to get ahead of the fraud and to develop a proactive solution instead of relying on the reactive approach currently being implemented.