Stolen Data Markets: An Economic and Organizational Assessment

Presented at DEF CON 22 (2014), Aug. 8, 2014, noon (Unknown duration)

Since the TJX corporation revealed a massive data breach in 2007, incidents of mass data compromise have grabbed media attention. The substantial loss of customer data and resulting fraud have seemingly become more common, including the announcement of the Target and Neiman Marcus compromises in 2013. As a result, the social and technical sciences are increasingly examining the market for data resale which is driven in part by these data breaches. This research is increasingly driven by assessments of web forum-based markets with varying depth of content and representativeness. As a result, there is a great deal of speculation about the profit margins and economy for stolen data. Researchers rarely provide metrics for the cost of various products, and some argue that the type of forum analyzed may provide inaccurate data on the costs of information. In fact, Herley and Florencio argue that open forums are largely a lemon market, where advertised costs are low but the risk of loss is quite high. Similarly, there is limited research considering the organizational structure of actors in the marketplace. Some in the media use the terms gangs or mafias to refer to the thieves and data sellers who acquire information, but this may not accurate reflect the realities of the relationships between buyers, sellers, moderators, and others who facilitate transactions. This presentation will explore the economy and organizational composition of stolen data markets through qualitative and quantitative analyses of a sample of threads from 13 Russian and English language forums involved in the sale of stolen data. We present estimates for the costs of various forms of data, and examine the relationship between various social and market conditions and the advertised price for dumps and other financial data. The findings support the argument that higher risk conditions within a forum are associated with lower prices for data, while more legitimate and organized markets have higher prices. In addition, the organizational composition of the market are explored using a qualitative analysis which finds that the markets are primarily collegial in nature at the individual level, enabling individuals to work together in order to facilitate transactions. There is also a distinct division of labor between participants on the basis of the products sold and skill sets available and some evidence of long-term market stability on the basis of managerial structures and time in operation. Finally, quantitative social network analysis techniques are applied to this sample of forums to assess network density, user centrality, and the resiliency of the network structures observed. The policy implications of this study for consumers, law enforcement, and security analysts will be discussed in depth to provide improved mechanisms for the disruption and takedown of stolen data markets globally.


  • Yi-Ting Chua - Michigan State University
    Yi Ting Chua is a Ph. D. student in the School of Criminal Justice at Michigan State University whose interests include cybercrime and policy analysis.
  • Dr. Olga Smirnova - Assistant Professor, Eastern Carolina University   as Olga Smirnova
    Olga Smirnova is an Assistant Professor in the Department of Political Science at Eastern Carolina University. She received her Ph. D. from the University of North Carolina at Charlotte and conducts research on the role of public policy in urban and regional economic development, state and local government, and the interaction of land use and transportation policy. She is also skilled in social network analysis and has applied this analysis technique to various on-line data sources to understand the social world of computer hackers and malware writers.
  • Dr. Thomas J. Holt - Associate Professor, Michigan State University   as Dr. Thomas Holt
    Dr. Thomas Holt is an Associate Professor in the School of Criminal Justice at Michigan State University specializing in cybercrime, policing, and policy. He received his Ph. D. in Criminology and Criminal Justice from the University of Missouri-Saint Louis in 2005. He has published extensively on cybercrime and cyberterror with over 35 peer-reviewed articles in outlets such as Crime and Delinquency, Sexual Abuse, the Journal of Criminal Justice, Terrorism and Political Violence, and Deviant Behavior. He has published multiple edited books, including Corporate Hacking and Technology-Driven Crime with coeditor Bernadette Schell (2011), Crime On-Line: Correlates, Causes and Context, now in its 2nd Edition, and a co-author of Digital Crime and Digital Terror, 2nd edition (2010). He has also received multiple grants from the National Institute of Justice and the National Science Foundation to examine the social and technical drivers of Russian malware writers, data thieves, and hackers using on-line data. He has also given multiple presentations on computer crime and hacking at academic and professional conferences, as well as hacker conferences across the country including DEF CON and HOPE. twitter: @spartandevilshn