Leakonomics: The Supply and Demand of Hacked Data in the Criminal Underground
Megan Miller | Rhys Leahy | Olivia Kantor
When law enforcement seized RaidForums in the spring of 2022, the DOJ identified it as 'one of the world's largest hacker forums... for cybercriminals to buy and sell hacked data.'1 Soon after the seizure, BreachedForums emerged as its successor, and within a few months eclipsed RaidForums in terms of users, engagement, and the volume of leaked data. Using a comprehensive dataset of activity on Breached– from its emergence in March of 2022 to seizure in 2023– we show how and why Breached became the largest criminal forum for hacked and leaked data. We also dive into the market for leaked data, showing supply and demand curves for data leaks to understand how cybercriminals value different datasets that can be used in phishing, credential-based attacks, or information operations. Insights into how participants in the underground behave tell us where we should focus our efforts to persistently track these communities, and how they adapt in a world of constant surveillance and scrutiny.
Attendees will:
Learn about criminal hacker communities and how they operate within a rapidly shifting ecosystem impacted by law enforcement surveillance, information warfare, and rival hacker interests.
See our research demonstrating how and why Breached emerged as the successor to RaidForums based on our power ranking of influential users, and comparative analysis of the structure, subforums, and data leaks across both sites.
Receive our marketplace analysis framework that presents metrics such as price changes in different data leaks over time, time from advertisement to sale, and breakdown of price by affected industry sector.
Dissecting leaked data and understanding how that data is published and disseminated in order to advance threat actors’ agendas.