[132923] in cryptography@c2.net mail archive
street prices for digital goods?
daemon@ATHENA.MIT.EDU (David Molnar)
Wed Sep 10 09:44:52 2008
Date: Wed, 10 Sep 2008 00:12:40 -0700
From: David Molnar <dmolnar@eecs.berkeley.edu>
To: cryptography@metzdowd.com
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig7BE0D53E1879FA3B1DB69C86
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Dan Geer's comment about the street price of heroin as a metric for=20
success has me thinking - are people tracking the street prices of=20
digital underground goods over time? The Symantec Threat Reports do seem =
to report advertised prices for a basket of goods, starting in Volume XI =
(March 2007) and running through the present. For example, Volume XI=20
Table 3 states a Skype account is worth $12, valid Hotmail cookie $3,=20
etc. These are interesting, but it's hard to see changes since they're=20
reported as a band of prices presumably aggregated from many different=20
sources.
I've also seen price anecdotes from Team Cymru. Plus of course the=20
"Nature and Causes of the Wealth of Internet Miscreants" paper from CCS=20
2007. Is there a continuous feed of prices published anywhere (besides=20
the underground servers, of course), or is this still something where=20
you have to go gather data yourself if you want it?
I'm curious because it would be interesting to look at the "street=20
price" for a specific online bank's logins before and after the bank=20
makes a change to its security practices. (One not particularly great=20
example of a change: adopting EV certs.) Alternatively, look at the=20
price of some good before and after a prosecution. If this has already=20
been done, my apologies, I'd appreciate the pointer.
finally, does anyone happen to know of a good review of how the focus on =
street price has performed as a metric for drug interdiction? that is, I =
could imagine cases where some specific intervention causes street price =
to rise but this doesn't lead to a corresponding improvement in things=20
like deaths from drug overdose, number of people using, etc. Does that=20
happen in practice so far as we know or not?
-David Molnar
--------------enig7BE0D53E1879FA3B1DB69C86
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIx3Ntyyxj0uImQ6gRAnGBAJ9MQVdqsn3GZjoW6u+4ruBSOBNIkwCfX1wj
09STGXxHAC+6lu7I5qaFwK8=
=np6R
-----END PGP SIGNATURE-----
--------------enig7BE0D53E1879FA3B1DB69C86--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
