New model of cybercrime factors in sell by date of stolen data
A new model examining cybercrime factors in the perishable value of stolen data allows law enforcement and policy makers to plan against future hacks.
A new model examining cybercrime factors in the perishable value of stolen data allows law enforcement and policy makers to plan against future hacks.
The computer-based model captures the network economics of cybercrime activity. This includes the critical time element and perishability of stolen cyber financial products with, as in the case of sell by dates on fresh produce, the value (and, hence, the black market price) decreasing over time. It also identifies different demand prices for different financial products, with certain credit cards being more valuable because of credit limit, expiry date and continent of origin.
The study, A Multiproduct Network Economic Model of Cybercrime in Financial Services, by Anna Nagurney, the John F. Smith Memorial Professor of Operations Management at the Isenberg School of Management at the University of Massachusetts Amherst, US, models cybercriminals as economic agents who evaluate targets by the difference between the demand prices that the products (such as credit and debit cards) command versus the associated costs of stealing and transacting them.
Financial service firms are modeled as prey and the hackers as predators. The underlying methodology used to capture such asymmetric interactions is variational inequality theory, which examines multiple interacting agents on the supply and demand sides.
The new model includes the sources of financial products (the supply points) and the destinations (the demand points) in a powerful visual representation as a network, accompanied by the associated costs of illicitly acquiring the financial products, the transaction costs associated with finding consumers of such illicit products, and the prices at which they can be sold.
Professor Nagurney, an Institute for Operations Research and the
Management Sciences (INFORMS) fellow, highlights how cybercrime exacts billions of dollars from businesses across the globe annually in theft and loss of revenue, as well as damage to reputation, opportunity cost and disclosure of proprietary information. The financial services sector, in particular, has been a major target of cybercriminals, with cybercrime now the second most commonly reported economic crime affecting such firms.
Through new internet pathways, cybercriminals can attack remotely and remain undetected for months.
Last month, 57 arrests were made in a UK-wide week of coordinated action against cybercrime by the National Crime Agency (NCA) and partners in law enforcement, industry and government.
The arrests, made in 25 separate operations, related to a range of cyber criminality including:
Network intrusion and data theft from multinational companies and government agencies;
Distributed denial-of-service (DDoS) attacks;
Cyber-enabled fraud; and
Malicious software and virus development.
Professor Nagurneys network economic framework permits quantifiable evaluation of various policy interventions investigated in the study:
1.Determining the impact of strategies that make it harder to attack financial products source locations (computer servers);
2.Evaluating ways that make it harder for cybercriminals to make transactions through the common technique of increasing transaction costs; and
3.Exploring changes in the demand price to evaluate greater or lesser interest in criminal products at demand markets.
In addition, the study shows improved graphical network representation that makes it possible to quantify the addition or removal of demand markets and sources of financial products.
The study was published in Service Science, a journal published by INFORMS, the professional association for those in advanced analytics.