Risky Business - Investigating the Security Practices of Vendors on an Online Anonymous Market Using Ground-Truth Data

Explore a 16-minute conference talk from USENIX Security '21 that investigates the security practices of vendors on online anonymous markets using ground-truth data. Delve into the research conducted by Jochem van de Laarschot and Rolf van Wegberg from Delft University of Technology, examining the prevalence of poor security practices among cybercriminal entrepreneurs on Hansa Market (2015-2017). Learn about the creation of 'vendor types' through latent profile analysis and how these types differ in their security practices, including password strength, 2FA usage, PGP adoption, and cash-out traceability. Discover the counter-intuitive findings that vendors of digital items often employ less secure practices compared to those selling physical goods like drugs. Gain insights into the competing business incentives that may lead cybercriminals to compromise on security despite operating in a high-risk environment.

Introduction
Online Anonymous Markets
Poor Security Practices
Method
Vendor Types
Security Practices
Password Strength
PGP Keys
Conclusion