This study examined distribution of goods sold, social organization of market actors, and network structure that support the stolen-data market. It covered 13 Web forums in which users buy and sell products, over 84 percent of which were some form of stolen data. Results indicated that the majority of sellers offered “dumps,” which are bank account or credit card data (44.7 percent), security data from credit cards (34.9 percent), and other electronic data, such as eBay and PayPal accounts (1.4 percent). Numerous sellers also offered resources for obtaining funds from these accounts (7.4 percent), and a small percentage sold malware and tools that facilitate cybercrimes. Most of the stolen data came from the United States and Europe. Eight of the 13 forums were operating as formal organizations with managerial structures and long-term operations. The majority of networks had slightly more than 50 percent of the users connected. Sellers were the central actors, although buyers and neutral users were critical to information sharing and promotion. There was a high correlation between the number of posts and the number of users in each forum. Consequently, these networks have substantive redundancies that make them difficult to disrupt through traditional external means.
For additional information go to the National Criminal Justice Reference Service, https://www.ncjrs.gov/App/Publications/abstract.aspx?ID=267460, 2014, NCJ 245375.