In a podcast I was listening to recently, offenders who had just gotten out of jail were discussing how everything in life is so difficult. Some may think that dealing drugs or stealing cars makes for an easy living with little work and a big payday. The harsh reality is that competition is fierce when competing for a legitimate job AND when competing to sell drugs or credit card numbers. Anyone who has seen the Sons of Anarchy biker gang show gets the idea. These bikers get robbed, shot at and even raped over and over again. They rarely if ever get to enjoy the spoils of their crimes.
Under these circumstances, the most reasonable decision would be to drop out of the criminal underworld. But are offenders reasonable? We set out to find out by analyzing data we collected from darknet marketplaces. Over the course of the past 13 months, we collected over 560,000 ads for illicit products and services and 13,000 offender profiles on those marketplaces. For each offender, we calculated how many months they were active, the activity they were involved in and the price range of their ads. Our first aim was to quantify how long offenders survived in their very competitive setting.
Figure 1: Share of offenders who survive after N months
Figure 1 shows that almost half of offenders survive for less than a month. More than 80% of them have disappeared at the end of a 3 months period. Of course, some of these offenders may have closed their account and opened a new one under a different name. That would still show that the offenders felt the need to change their brand name and online persona regularly.
Different types of offenders may experience different levels of competitions and refuse to quit so easily. Further analysis shows that online drug dealers have statistically significantly longer careers compared to those involved in hacking and fraud. Offenders who sold expensive products and services did not havestatistically significantly longer careers than those that did not.
These results shape how financial institutions need to address the cyber threats they face. The offenders they identify as posing a threat will in most likeliness not be active 3 months later. It is therefore of the utmost importance for them to have access to fresh intelligence to identify the latest threat against them. It is also important that financial institutions have access to smart tools that can connect the offenders’ online personas together. It may look as though an actor has shut down his activities. It is possible however that he simply changed his username and is still operating. All the efforts invested in evaluating the threat that an offender poses would be lost if his new identity could not be connected to his old identity. Flare Systems inc. provides updates by the hour on the activities of offenders and connects all the offenders’ online personas together in an easy to understand web dashboard. This significantly helps our customers prevent victimization. For those that are unfortunately not yet customers, there is always the hope that the offenders will quit before they make too many victims. But why take the chance when our dedicated staff is only an email away?
1 Source of main image: https://dg.imgix.net/when-should-non-quitters-quit-en/landscape/when-should-non-quitters-quit-58c3487e35de8f9ac00d2b2da96c1fe6.jpg?ts=1513795682&ixlib=rails-3.0.2&auto=format%2Ccompress&fit=min&w=800&h=450