New model of cybercrime factors in perishability of stolen data: INFORMS journal study

March 10, 2015

A new model examining cybercrimes adds an important way of examining the perishable value of stolen data so policy makers can plan against future hacks like the recent Anthem data breach, according to a study in the Articles in Advance section of Service Science, a journal published by the Institute for Operations Research and the Management Sciences (INFORMS).

INFORMS is the leading professional association for professionals in advanced analytics.

A Multiproduct Network Economic Model of Cybercrime in Financial Services is by Anna Nagurney, the John F. Smith Memorial Professor of Operations Management at the Isenberg School of Management at the University of Massachusetts Amherst. Professor Nagurney is an INFORMS Fellow. It describes a computer-based model that captures the network economics of cybercrime activity and permits the policy evaluation of interventions.

A novel feature of the model is its inclusion of the critical time element and perishability of stolen cyber financial products with, as in the case of fresh produce, the value (and, hence, the black market price) decreasing over time. It also identifies different demand prices for different financial products, with certain credit cards being more valuable because of credit limit, expiration date, and continent of origin.

Cybercrime exacts billions of dollars from businesses across the globe annually in theft and loss of revenue, as well as damage to reputation, opportunity cost, and disclosure of proprietary information. The financial services sector, in particular, has been a major target of cybercriminals, with cybercrime now the second most commonly reported economic crime affecting such firms. Through new Internet pathways, cybercriminals can attack remotely and remain undetected for months.

The new model includes the sources of financial products (the supply points) and the destinations (the demand points) in a powerful visual representation as a network, accompanied by the associated costs of illicitly acquiring the financial products, the transaction costs associated with finding consumers of such illicit products, and the prices at which they can be sold.

It models cybercriminals as economic agents who evaluate targets by the difference between the demand prices that the products (such as credit and debit cards) command versus the associated costs of stealing and transacting them. Financial service firms are modeled as prey and the hackers as predators. The underlying methodology used to capture such asymmetric interactions is "variational inequality theory," which examines multiple interacting agents on the supply and demand sides.

The network economic framework permits quantifiable evaluation of various policy interventions investigated in the study:In addition, the study shows improved graphical network representation that makes it possible to quantify the addition or removal of demand markets and sources of financial products.

In subsequent research, the author is investigating extensions to this framework that include cybersecurity investments using game theory. These identify not only an individual firm's vulnerability but that of the industry as well. She is also studying supply chain networks' vulnerability to cyberattacks.
The research reported in the paper was supported, in part, by the Advanced Cyber Security Center (ACSC) and by a grant from the National Science Foundation (NSF). Preliminary findings were presented at the Workshop on Cybersecurity Risk Analysis for Enterprises, held at the Sloan School at MIT in September 2014, co-organized by the author with colleagues, and funded by the ACSC, a non-profit consortium in Bedford, MA. Panelists and speakers at the daylong event represented the Isenberg School of Management, UMass Amherst, MIT, Biogen Idec, the U.S. Office of Financial Research, Liberty Mutual, the UMass President's Office, State Street, MITRE, and the Federal Reserve Bank.


INFORMS is the leading international association for professionals in analytics and operations research (O.R.). INFORMS advances research, and develops and promotes best practices in analytics and O.R. through collaboration, knowledge sharing, and professional development. INFORMS helps business, government, and other organization professionals make better decisions to drive value to their organizations and society. Our certification program (CAP®), highly cited publications, educational meetings and conferences, continuing education, industry and process focused networking communities, competitions, and recognition provide professionals with the knowledge and connections they need to achieve ever greater value for their organizations. Further information about INFORMS, analytics, and operations research is at or @informs.

Institute for Operations Research and the Management Sciences

Related Cybercrime Articles from Brightsurf:

The Phish scale: NIST's new tool helps IT staff see why users click on fraudulent emails
Researchers at the National Institute of Standards and Technology (NIST) have developed a new tool called the Phish Scale that could help organizations better train their employees to avoid a particularly dangerous form of cyber attack known as phishing.

No honor among cyber thieves
A backstabbing crime boss and thousands of people looking for free tutorials on hacking and identity theft were two of the more interesting findings of a study examining user activity on two online 'carding forums,' illegal sites that specialize in stolen credit card information.

Protecting yourself from the latest internet sex crime
Researchers from Michigan State University released a study on 'sextortion' -- a lesser-known internet crime that poses a threat to adults and minors -- that sheds light on the importance of protecting the public from online criminals.

In an Internet vacuum, private securities companies prosper in the 'new wild west'
A 'quiet' revolution in unregulated areas of the internet has led to the emergence of a new private security industry, according to latest research from the University of Portsmouth.

Cybercrime: Internet erodes teenage impulse controls
Many teenagers are struggling to control their impulses on the internet, in a scramble for quick thrills and a sense of power online, potentially increasing their risks of becoming cyber criminals.

Organized cybercrime -- not your average mafia
Research from Michigan State University is one of the first to identify common attributes of cybercrime networks, revealing how these groups function and work together to cause an estimated $445-600 billion of harm globally per year.

Prevention better than cure at preventing young users from getting involved in cybercrime
Highly-targeted messaging campaigns from law enforcement can be surprisingly effective at dissuading young gamers from getting involved in cybercrime, a new study has suggested.

Decoding how kids get into hacking
New research from Michigan State University identified characteristics and gender-specific behaviors in kids that could lead them to become juvenile hackers.

Research reveals how personality affects susceptibility to persuasion
Researchers at Edge Hill University in England have helped identify personality traits which make people more (or less) susceptible to persuasion than others.

How a personality trait puts you at risk for cybercrime
Impulse online shopping, downloading music and compulsive email use are all signs of a certain personality trait that make you a target for malware attacks.

Read More: Cybercrime News and Cybercrime Current Events is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to