Introduction: Few studies have examined the sales of stolen account credentials on darkweb markets. In this study, we tested how advertisement characteristics affect the popularity of illicit online advertisements offering account credentials. Unlike previous criminological research, we take a novel approach by assessing the applicability of knowledge on regular consumer behaviours instead of theories explaining offender behaviour.Methods: We scraped 1,565 unique advertisements offering credentials on a darkweb market. We used this panel data set to predict the simultaneous effects of the asking price, endorsement cues and title elements on advertisement popularity by estimating several hybrid panel data models.Results: Most of our findings disconfirm our hypotheses. Asking price did not affect advertisement popularity. Endorsement cues, including vendor reputation and cumulative sales and views, had mixed and negative relationships, respectively, with advertisement popularity.Discussion: Our results might suggest that account credentials are not simply regular products, but high-risk commodities that, paradoxically, become less attractive as they gain popularity. This study highlights the necessity of a deeper understanding of illicit online market dynamics to improve theories on illicit consumer behaviours and assist cybersecurity experts in disrupting criminal business models more effectively. We propose several avenues for future experimental research to gain further insights into these illicit processes.
DOCUMENT
Illicit data markets have emerged on Telegram, a popular online instant messaging application, bringing together thousands of users worldwide in an unregulated exchange of sensitive data. These markets operate through vendors who offer enormous quantities of such data, from personally identifiable information to financial data, while potential customers bid for these valuable assets. This study describes how Telegram data markets operate and discusses what interventions could be used to disrupt them. Using crime script analysis, we observed 16 Telegram meeting places encompassing public and private channels and groups. We obtained information about how the different meeting places function, what are their inside rules, and what tactics are employed by users to advertise and trade data. Based on the crime script, we suggest four feasible situational crime prevention measures to help disrupt these markets. These include taking down the marketplaces, reporting them, spamming and flooding techniques, and using warning banners. This is a post-peer-review, pre-copyedit version of an article published in Trends in organized crime . The final authenticated version is available online at https://doi.org/10.1007/s12117-024-09532-6
DOCUMENT
Prior research on network attacks is predominantly technical, yet little is known about behavioral patterns of attackers inside computer systems. This study adopts a criminological perspective to examine these patterns, with a particular focus on data thieves targeting organizational networks. By conducting interviews with cybersecurity experts and applying crime script analysis, we developed a comprehensive script that describes the typical progression of attackers through organizational systems and networks in order to eventually steal data. This script integrates phases identified in previous academic literature and expert-defined phases that resemble phases from industry threat models. However, in contrast to prior cybercrime scripts and industry threat models, we did not only identify sequential phases, but also illustrate the circular nature of network attacks. This finding challenges traditional perceptions of crime as a linear process. In addition, our findings underscore the importance of considering both successful and failed attacks in cybercrime research to develop more effective cybersecurity strategies.
MULTIFILE
