Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the Underground Economy

The underground economy has attracted a lot of attention recently as a key component of cybercrime. In particular the IRC markets for stolen identities, phishing kits, botnets, and cybercrime related services have been extensively studied. It is suggested that sophisticated underground markets show great specialization and maturity. There are complex divisions of labor and service offerings for every need. Stolen credentials are traded in bulk for pennies on the dollar. It is suggested that large sums move on these markets.

We argue that this makes very little sense. Using basic arguments from economics we show that the IRC markets studied represent classic examples of lemon markets. The ever-present rippers who cheat other participants ensure that the market cannot operate effectively. Their presence represents a tax on every transaction conducted in the market. Those who form gangs and alliances avoid this tax, enjoy a lower cost basis and higher profit. This suggests a two tier underground economy where organization is the route to profit. The IRC markets appear to be the lower tier, and are occupied by those without skills or alliances, newcomers, and those who seek to cheat them. The goods offered for sale there are those that are easy to acquire, but hard to monetize. We find that estimates of the size of the IRC markets are greatly exaggerated. Finally, we find that defenders recruit their own opponents by publicizing exaggerated estimates of the rewards of cybercrime. Those so recruited inhabit the lower tier; they produce very little profit, but contribute greatly to the externalities of cybercrime.