A Tisket, a Tasket, a Dark Web Shopping Basket

Presented at ShmooCon XV (2019), Jan. 19, 2019, 4:30 p.m. (30 minutes).

We regret to inform you that much of what you’ve been told about dark web pricing–and indeed, data on the dark web–is wrong.

Periodically, researchers from cyber security companies publish reports on the going rates for goods and services on the dark web. We studied and compared 22 of these reports, published between 2013 and 2018, with the intent of developing a dark web pricing index. We concluded that even though these reports purport to inform the audience about the value of certain data types, their inconsistent terminology and haphazard collection strategies only add to the already confusing picture of the dark web. While educating end users about the value of their data and about the adversaries exploiting it is a valuable exercise, many of these reports fall into the traps of fear, uncertainty, and doubt (FUD). The inability or unwillingness to accurately illustrate the dark web data economy to an inexpert audience exacerbates the myth-filled public perception of the dark web.

To move forward as an industry, we need a consistent, shared taxonomy of digital goods available for sale and the development of a price index (based on a basket of goods and services) to measure pricing fluctuations in a standardized manner. With this development of definitions and measures of sensitive data pricing on the dark web, organizations can collaborate more effectively to combat the threat and minimize the risks associated with dark web enabled fraud.


Presenters:

  • Emma Zaballos
    Emma Zaballos (@theemmazaballos) and Anne Addison Meriwether are Analysts at Terbium Labs, a dark web intelligence company, where they work on evaluating and contextualizing threats to customer data. Emma specializes in visualizing trends in the sale and trade of stolen payment cards and studying the many ways companies fail to secure user data. She enjoys reading dark web forum drama. Anne Addison focuses on the governance, risk, and compliance aspects of data exposure. She loves to remind people about the boring parts of the dark web.
  • Anne Addison Meriwether
    Emma Zaballos (@theemmazaballos) and Anne Addison Meriwether are Analysts at Terbium Labs, a dark web intelligence company, where they work on evaluating and contextualizing threats to customer data. Emma specializes in visualizing trends in the sale and trade of stolen payment cards and studying the many ways companies fail to secure user data. She enjoys reading dark web forum drama. Anne Addison focuses on the governance, risk, and compliance aspects of data exposure. She loves to remind people about the boring parts of the dark web.

Links:

Similar Presentations: