Skip to main content
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Digital Health
    • Transformation
    • ESG
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • Newsletters
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Information Technology
August 20, 2014 01:00 AM

RAND report takes you on a trip to dark side (of cybercrime)

Joseph Conn
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    It's not Elmore Leonard, but for the average health information technology reader, a new RAND report, Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar, is still a gripper.

    The report pulls back the curtain on the underworld of data theft, looking at it in its entirety, as a fully functional marketplace, not merely as random, isolated hacks and breaches. That's where it's likely to capture a health IT reader's attention in the wake of Monday's announcement that 4.5 million patient records had been stolen from Community Health Systems by hackers.

    If the CHS attack made you wonder what someone would do with all that data, this report answers the question in systematic detail.

    Cybercriminals not only steal personal records and sell them to other lawbreakers, they make and market the tools that others might use to steal records, the report explains.

    For example, click through to the report’s page 14 (PDF) and look at the bar chart showing the number of new “exploit kits” being offered each year over the past nine years.

    Since 2008, the growth in these tools of mayhem has been explosive.

    Why is all this happening? To paraphrase Ronald Reagan, it’s “the magic of the markets.”

    “The black market (for data) can be more profitable than the illegal drug trade,” the RAND authors say. “No one knows (or is willing to hazard a guess) how many people participate in this market. Similarly, few want to estimate how large the market is, although the general feeling is that it is large, and one expert noted that it generates billions of dollars, at the least.”

    In recent years, as the black market in cybercrime matured, a segment of it integrated vertically, leveraging the Internet as have many other industries to expand its reach to buyers, sellers and producers globally, while opening up career opportunities across a range of skill levels.

    “The organization structure already exists,” RAND researcher and report co-author Lillian Ablon said in an interview. “You’ve got your set rules and you know who you’re reporting to. Back in the day, these markets really were ad hoc. To do business, you had to know the person” you were dealing with, plus “you all had to have your technical chops.”

    “Now,” Ablon said, “anyone can get in.”

    There are job slots up and down the cybercrime organizational pyramid (See p. 6), with something for just about anyone, from mules handling the money on the bottom, to subject-matter experts developing and using the tools near the top, to administrators at the peak overseeing and coordinating it all.

    The only prerequisite seems to be a willingness to break the law.

    “If you are developing an exploit kit, you may have some smarts,” Ablon said, “but if you’re buying and selling credit card data, you may not need those smarts.”

    According to its Securities and Exchange Commission filing on the incident, CHS pinned its cyberattack on a hacker group originating in China, one normally associated with the theft of intellectual property.

    Ablon’s research points out that hackers from certain regions tend to go after certain types of information. Cybercriminals from Russia and the Ukraine, for example, focus on financial data while Chinese hackers often go for intellectual property, but those are only tendencies, Ablon said.

    “We’re not saying there is not financial crime in China, or that Eastern Europeans are ignoring” intellectual property, she said. But the theft of 4.5 million records from CHS may have been merely an attempt by the hackers to salvage at least something from a failed attempt to find intellectual property.

    “If you’re conducting a robbery, you’re going to take whatever you can find. The records are collateral damage in a sense where the end goal was something else,” Ablon said.

    Follow Joseph Conn on Twitter: @MHJConn

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    Judy_Faulkner_Epic_HIMSS17_edit_i.jpg
    Epic outlines what's ahead for patient portal, Cosmos
    Cerner_fullsize_AP_i.jpg
    Cerner to pay $1.8M to resolve racial discrimination allegations
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Digital Health
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • ESG
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • Newsletters
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Jobs
      • People on the Move
      • Reprints & Licensing