Understanding markers of trust within the online stolen data market: An examination of vendors’ signaling behaviors relative to product price point
Published date | 01 November 2023 |
Author | Jin R. Lee |
Date | 01 November 2023 |
DOI | http://doi.org/10.1111/1745-9133.12651 |
SPECIAL ISSUE ARTICLE
CYBERCRIME AND CYBERSECURITY
Jin R. Lee
Department of Criminology, Law and
Society, George Mason University,
Fairfax, Virginia, USA
Correspondence
Jin R. Lee, Department of Criminology,
Law and Society, George Mason
University, Enterprise Hall (Room 335),
4400 University Drive, MS 4F4, Fairfax,
VA 22030 USA.
Email: jlee331@gmu.edu
Funding information
U.S. Department of Homeland Security,
Grant/Award Number:
17STCIN00001-02-00
Abstract
Research Summary: The current study examined 1055 stolen data products across 40 vendors on the Open and Dark Web to determine whether different product- and vendor-level behaviors predicted vendors’ trustworthiness as reflected in their product price point. Understanding the mechanisms that convey trust in the underground marketplace is crucial as it could help law enforcement target serious actors and disrupt the larger marketplace. Findings suggest the online stolen data market may resemble an uninformative cost condition where buyers are unable to accurately differentiate credible sellers due to the obscure nature of signaling behaviors.
Policy Implications: Law enforcement would benefit from designing fake shops and deceptive forum posts that transmit mixed signals to complicate market participants’ process of interpreting trust signals as intended. These interventions would generate high levels of risk that encourage both buyers and sellers to exit the online illicit marketplace without needing law enforcement arrests. Law enforcement could also target prominent market facilitators to generate a larger disruption that prevents actors from continuing their illicit behavior.
This is an open access article under the terms of the Creative Commons Attribution-NonCommercial-NoDerivs License, which permits use and distribution in any medium, provided the original work is properly cited, the use is non-commercial and no modifications or adaptations are made.
© 2023 The Authors. Criminology & Public Policy published by Wiley Periodicals LLC on behalf of American Society of Criminology.
Criminology & Public Policy. 2023;22:665–693. wileyonlinelibrary.com/journal/capp
KEYWORDS
cybercrime, Dark Web, online illicit markets, signaling theory,
stolen data
The growth and ubiquity of the Internet has substantially modified the way financial data are accessed and maintained, providing individuals with quick and convenient access to financial accounts through e-commerce platforms and online financial portals (James, 2005; Newman & Clarke, 2003; Wall, 2001). These outlets allow users to engage in instant economic transactions as long as they have access to an Internet-enabled device and high-speed Internet, influencing the way individuals, businesses, and governments interact with one another (Holt, 2020; James, 2005; Wall, 2001). According to the U.S. Department of Commerce, online retail has emerged as the fourth largest sector in retail spending, trailing only motor vehicle, food and beverage, and restaurant and bar sales (Rooney, 2019). In fact, the online retail industry has amounted to approximately $3.53 trillion in global sales (Clement, 2019), with 80% of American citizens making regular purchases online (Smith & Anderson, 2016).
Despite its overall convenience and accessibility, the decentralization of private financial data has generated numerous opportunities for offenders to acquire sensitive information (Holt et al., 2016; Peretti, 2009). Studies suggest these data can be stolen and harvested from a range of different sources independent of individuals’ use of online vendors and e-commerce platforms. For instance, even if individuals do not engage in e-commerce and only make purchases in offline environments, they may still have their financial data compromised if the companies or banks they interact with experience a data breach. In fact, numerous major retailers (e.g., Target, Home Depot, Under Armour), travel and hospitality agencies (e.g., EasyJet, Norwegian Cruise Line), and restaurant chains (e.g., Bubba Gump Shrimp, P.F. Chang’s) had their financial databases compromised by hackers in recent years, resulting in the loss of millions of customers’ data (National Technology Security Coalition, 2020). Specifically, more than 500 million individuals who stayed at Marriott hotels from 2014 to 2018 had their private data stolen when a data breach compromised Marriott’s reservation database (Leskin, 2018). Similarly, more than 1.1 billion people in India had their private information stolen when a prominent utility company was impacted by a large data breach (Leskin, 2018).
Since the quantity of financial data that can be acquired by offenders at a single time often exceeds their capacity for personal use, surplus financial data are commonly sold and distributed in online illicit markets to others interested in using the data for their own advantage (Holt et al., 2016; Motoyama et al., 2011). Research suggests the scope of data breaches against businesses has generated a highly saturated and competitive stolen data marketplace, offering prospective customers a wide variety of vendor options and product choices (see Holt et al., 2013; Tzanetakis et al., 2016). Stolen data vendors offer a range of products at low costs, including credit and debit card numbers, card verification values (CVVs), and cardholders’ information (Anderson et al., 2013; Liggett et al., 2020). Depending on the product’s type and contained amount, items can be advertised as low as $1 per individual product (see Holt et al., 2016). Some vendors even offer customers the option to purchase financial data in either digital form as raw data or as physical cards for use in offline establishments (Decary-Hetu & Leppanen, 2016).