An Economic Map of Cybercrime

21 Pages Posted: 2 Feb 2012

See all articles by Alvaro Cárdenas

Alvaro Cárdenas

affiliation not provided to SSRN

Svetlana Radosavac

affiliation not provided to SSRN

Jens Grossklags

affiliation not provided to SSRN

John Chuang

University of California, Berkeley - School of Information

Chris Jay Hoofnagle

University of California, Berkeley - School of Information; University of California, Berkeley - School of Law

Date Written: August 15, 2009

Abstract

The rise of cybercrime in the last decade is an economic case of individuals responding to monetary and psychological incentives. Two main drivers for cybercrime can be identi fied: the potential gains from cyberattacks are increasing with the growth of importance of the Internet, and malefactors' expected costs (e.g., the penalties and the likelihood of being apprehended and prosecuted) are frequently lower compared with traditional crimes. In short, computer-mediated crimes are more convenient, and pro table, and less expensive and risky than crimes not mediated by the Internet. The increase in cybercriminal activities, coupled with ineff ective legislation and ineffective law enforcement pose critical challenges for maintaining the trust and security of our computer infrastructures.

Modern computer attacks encompass a broad spectrum of economic activity, where various malfeasants specialize in developing speci c goods (exploits, botnets, mailers) and services (distributing malware, monetizing stolen credentials, providing web hosting, etc.). A typical Internet fraud involves the actions of many of these individuals, such as malware writers, botnet herders, spammers, data brokers, and money launderers.

Assessing the relationships among various malfeasants is an essential piece of information for discussing economic, technical, and legal proposals to address cybercrime. This paper presents a framework for understanding the interactions between these individuals and how they operate. We follow three steps.

First, we present the general architecture of common computer attacks, and discuss the flow of goods and services that supports the underground economy. We discuss the general flow of resources between criminal groups and victims, and the interactions between diff erent specialized cybercriminals.

Second, we describe the need to estimate the social costs of cybercrime and the profi ts of cybercriminals in order to identify optimal levels of protection. One of the main problems in quantifying the precise impact of cybercrime is that computer attacks are not always detected, or reported. Therefore we propose the need to develop a more systematic and transparent way of reporting computer breaches and their eff ects.

Finally, we propose some possible countermeasures against criminal activities. In particular, we analyze the role private and public protection, and the incentives of multiple stake holders.

Suggested Citation

Cárdenas, Alvaro and Radosavac, Svetlana and Grossklags, Jens and Chuang, John and Hoofnagle, Chris Jay, An Economic Map of Cybercrime (August 15, 2009). TPRC 2009. Available at SSRN: https://ssrn.com/abstract=1997795

Alvaro Cárdenas (Contact Author)

affiliation not provided to SSRN

Svetlana Radosavac

affiliation not provided to SSRN

No Address Available

Jens Grossklags

affiliation not provided to SSRN ( email )

John Chuang

University of California, Berkeley - School of Information ( email )

102 South Hall
Berkeley, CA 94720-4600
United States

Chris Jay Hoofnagle

University of California, Berkeley - School of Information ( email )

212 South Hall
Berkeley, CA 94720-4600
United States
510-643-0213 (Phone)

HOME PAGE: http://hoofnagle.berkeley.edu

University of California, Berkeley - School of Law ( email )

344 Boalt Hall
Berkeley, CA 94720-7200
United States
510-643-0213 (Phone)

HOME PAGE: http://hoofnagle.berkeley.edu

Register to save articles to
your library

Register

Paper statistics

Downloads
758
Abstract Views
3,864
rank
31,616
PlumX Metrics