Implications and Conclusions

Part of the Palgrave Studies in Cybercrime and Cybersecurity book series (PSCYBER)


This chapter provides a summary of all findings along with the implications for our understanding of illicit markets operating on- and off-line. The stolen data markets examined here are similar in many respects to the other markets, such as those for stolen goods or drugs. There is one key difference that the nature of market precludes the buyers from inspecting the products and/or punishing sellers for non-working data. The policies to address the stolen data markets include collaboration between various law enforcement entities across jurisdictional lines, improved awareness of identity theft risks, and improvements in the reporting mechanisms for this form of criminality. Finally, there are certain limitations to this study, including that this is a snapshot of a selected number of forums at a given point in time. Future research will need to expand our understanding of how the stolen data markets evolve over time.


Legislation Law enforcement Market disruption Chip and pin Data theft 


  1. Abadinsky, H. (2012). Organized crime (10th ed.). New York: Cengage Learning.Google Scholar
  2. Adler, P. A., & Adler, P. (2006). Self-injurers as loners: The social organization of solitary deviance. Deviant Behavior, 26, 345–378.CrossRefGoogle Scholar
  3. Bakker, R. M., Raab, J., & Milward, H. B. (2012). A preliminary theory of network resilience. Journal of Policy Analysis and Management, 31, 33–62.CrossRefGoogle Scholar
  4. Best, J., & Luckenbill, D. F. (1994). Organizing deviance (2nd ed.). New Jersey: Prentice Hall.Google Scholar
  5. Bossler, A. M., & Holt, T. J. (2009). On-line activities, guardianship, and malware infection: An examination of routine activities theory. International Journal of Cyber Criminology, 3, 400–420.Google Scholar
  6. Brenner, S. W. (2008). Cyberthreats: The emerging fault lines of the nation state. New York: Oxford University Press.Google Scholar
  7. Chu, B., Holt, T. J., & Ahn, G. J. (2010). Examining the creation, distribution, and function of malware on-line. Technical Report for National Institute of Justice. NIJ Grant No. 2007-IJ-CX-0018. Retrieved from
  8. Cromwell, P. F., Olson, J. N., & Avary, D. W. (1993). Who buys stolen property? A new look at criminal receiving. Journal of Crime and Justice, 16, 75–95.CrossRefGoogle Scholar
  9. Cross, J. C. (2000). Passing the buck: Risk avoidance and risk management in the illegal/informal drug trade. International Journal of Sociology and Social Policy, 20, 68–94.CrossRefGoogle Scholar
  10. Decary-Hetu, D., & Dupont, B. (2012). The social network of hackers. Global Crime, 13, 160–175.CrossRefGoogle Scholar
  11. Franklin, J., Paxson, V., Perrig, A., & Savage, S. (2007). An inquiry into the nature and cause of the wealth of internet miscreants. Paper presented at CCS07, October 29–November 2, 2007, Alexandria, VA.Google Scholar
  12. Hayashi, F., & Sullivan, R. J. (2013). Fees, fraud, and regulation: Forces of change in the payment card industry. Payment Systems Research Briefing. Federal Reserve Bank of Kansas City. Retrieved from
  13. Herley, C., & Florencio, D. (2010). Nobody sells gold for the price of silver: Dishonesty, uncertainty and the underground economy. In T. Moor, D. J. Pym, & C. Ioannidis (Eds.), Economics of information security and privacy (pp. 35–53). New York: Springer.Google Scholar
  14. Holt, T. J. (2007). Subcultural evolution? Examining the influence of on- and off-line experiences on deviant subcultures. Deviant Behavior, 28, 171–198.CrossRefGoogle Scholar
  15. Holt, T. J. (2009). Lone hacks or group cracks: Examining the social organization of computer hackers. In F. Smalleger & M. Pittaro (Eds.), Crimes of the Internet (pp. 336–355). Upper Saddle River, NJ: Pearson Prentice Hall.Google Scholar
  16. Holt, T. J. (2010). Exploring strategies for qualitative criminological and criminal justice inquiry using on-line data. Journal of Criminal Justice Education, 21, 300–321.CrossRefGoogle Scholar
  17. Holt, T. J., & Turner, M. G. (2012). Examining risks and protective factors of on-line identity theft. Deviant Behavior, 33, 308–323.CrossRefGoogle Scholar
  18. Holt, T. J., & Lampke, E. (2010). Exploring stolen data markets on-line: Products and market forces. Criminal Justice Studies, 23, 33–50.CrossRefGoogle Scholar
  19. Holt, T. J., & Smirnova, O. (2014). Examining the structure, organization, and processes of the international market for stolen data. Washington, DC: US Department of Justice. Retrieved from
  20. Holt, T. J., Blevins, K. R., & Kuhns, J. B. (2008). Examining the displacement practices of Johns with on-line data. Journal of Criminal Justice, 36, 522–528.CrossRefGoogle Scholar
  21. Holt, T. J., & Bossler, A. M. (2016). Cybercrime in progress: Theory and prevention of technology-enabled offenses. New York: Routledge Press.Google Scholar
  22. Holt, T. J., Bossler, A. M., & Seigfried Spellar, K. C. (2015). Cybercrime and digital forensics: An introduction. New York: Routledge Press.Google Scholar
  23. Holt, T. J., Strumsky, D., Smirnova, O., & Kilger, M. (2012). Examining the social networks of malware writers and hackers. International Journal of Cyber Criminology, 6, 891–903.Google Scholar
  24. Holz, T., Engelberth, M., & Freiling, F. (2009). Learning more about the underground economy: A case-study of keyloggers and dropzones. In M. Backes & P. Ning (Eds.), Computer security—ESCORICS (pp. 1–18). Berlin and Heidelberg: Springer.Google Scholar
  25. Holzman, H. R., & Pines, S. (1982). Buying sex: The phenomenology of being a John. Deviant Behavior, 4(1), 89–116.CrossRefGoogle Scholar
  26. Honeynet Research Alliance. (2003). Profile: Automated credit card fraud. Know Your Enemy Paper series. Retrieved from
  27. Hutchings, A., & Holt, T. J. (2015). A crime script analysis of the online stolen data market. British Journal of Criminology, 55(3), 596–614.CrossRefGoogle Scholar
  28. Jacobs, B. (1996). Crack dealers apprehension avoidance techniques: A case of restrictive deterrence. Criminology, 34, 409–431.CrossRefGoogle Scholar
  29. Jacobs, B. (2000). Robbing drug dealers: Violence beyond the law. New York: Aldine de Gruyter.Google Scholar
  30. Jacobs, B. A., Topalli, V., & Wright, R. (2000). Managing retaliation: Drug robbery and informal sanction threats. Criminology, 38, 171–198.CrossRefGoogle Scholar
  31. James, L. (2005). Phishing exposed. Rockland, MA: Syngress.Google Scholar
  32. Jamieson, A. (2000). The antimafia: Italy’s fight against organized crime. New York: Palgrave Macmillian.Google Scholar
  33. Jewkes, Y., & Sharp, K. (2003). Crime, deviance and the disembodied self: Transcending the dangers of corporeality. In Y. Jewkes (Ed.), Dot.cons: Crime, deviance and identity on the Internet (pp. 1–14). Portland, OR: Willan Publishing.Google Scholar
  34. Markham, A. N. (2011). Internet research. In D. Silverman (Ed.), Qualitative research: Issues of theory, method, and practice (3rd ed., pp. 111–127). Thousand Oaks, CA: Sage.Google Scholar
  35. Martin, J. (2014). Lost on the Silk Road: Online drug distribution and the cryptomarket. Criminology and Criminal Justice, 14, 351–367.CrossRefGoogle Scholar
  36. Motoyama, M., McCoy, D., Levchenko, K., Savage, S., & Voelker, G. M. (2011). An analysis of underground forums. IMC’11, 71–79.Google Scholar
  37. Newman, G., & Clarke, R. (2003). Superhighway robbery: Preventing e-commerce crime. Cullompton: Willan Press.Google Scholar
  38. Pavia, J. M., Veres-Ferrer, E. J., & Foix-Escura, G. (2012). Credit card incidents and control systems. International Journal of Information Management, 32, 501–503.CrossRefGoogle Scholar
  39. Peretti, K. K. (2009). Data breaches: What the underground world of “carding” reveals. Santa Clara Computer and High Technology Law Journal, 25, 375–413.Google Scholar
  40. Poulsen, K. (2012). Kingpin: How one hacker took over the billion dollar cybercrime underground. New York: Broadway.Google Scholar
  41. Scott, M. S., & Dedel, K. (2006). Street prostitution. US Department of Justice, Office of Community Oriented Policing Services.Google Scholar
  42. Schneider, J. L. (2005). Stolen-goods markets: Methods of disposal. British Journal of Criminology, 45, 129–140.CrossRefGoogle Scholar
  43. Stevenson, R. J., Forsythe, L. M. V., & Weatherburn, D. (2001). The stolen goods market in New South Wales Australia: An analysis of disposal avenues and tactics. British Journal of Criminology, 41, 101–118.CrossRefGoogle Scholar
  44. Sullivan, R. J. (2013). The US adoption of computer-chip payment cards: Implications for payment fraud. Economic Review. Federal Reserve Bank of Kansas City.Google Scholar
  45. Surowiecki, J. (2013). Why did criminals trust liberty reserve. The New Yorker, May 31. Retrieved from liberty-reserve.html
  46. Symantec Corporation. (2014). Symantec Internet security threat report, Volume 19.
  47. Tucker, E. (2014). One simple legal fix could help fight overseas credit card fraud, claims DOJ. PBS Newshour. Retrieved from
  48. U.S. Department of Justice. (2008). Overview of the law enforcement strategy to combat international organized crime. Washington, DC: U.S. Department of Justice. Retrieved from
  49. U.S. Department of Justice. (2013). International credit card trafficker sentenced to 88 months in prison. Washington, DC: Department of Justice Office of Public Affairs. Retrieved from
  50. Wall, D. S. (2007). Cybercrime: The transformation of crime in the information age. Cambridge: Polity Press.Google Scholar
  51. Wehinger, F. (2011). The Dark Net: Self-regulation dynamics of illegal online markets for identities and related services. Intelligence and Security Informatics Conference, 209–213.Google Scholar
  52. Wilson, S. (2012). Calling for a uniform approach to card fraud offline and on. Journal of Internet Banking and Commerce, 17, 1–5.ADSGoogle Scholar
  53. Wright, R. T., & Decker, S. H. (1994). Burglars on the job: Streetlife and residential break-ins. Boston, MA: Northeastern University Press.Google Scholar
  54. Yip, M., Webber, C., & Shadbolt, N. (2013). Trust among cybercriminals? Carding forums, uncertainty, and implications for policing. Policing and Society, 23, 1–24.CrossRefGoogle Scholar
  55. Zetter, K. (2013). 9 years after Shadowcrew, Feds get their hands on fugitive cybercrook. Wired, July 1. Retrieved from

Copyright information

© The Author(s) 2016

Authors and Affiliations

  1. 1.Michigan State UniversityEast LansingUSA
  2. 2.East Carolina UniversityGreenvilleUSA
  3. 3.Michigan State UniversityEast LansingUSA

Personalised recommendations