She examined the steps these offenders take to acquire stolen data, the choices they make along the way, and the environmental factors that influence those choices. The results shed new light on a growing social problem: the trade in stolen personal data.
Digital burglars with a plan
The motivation for the research lies in the increasing number of data breaches, such as the recent incident in which nearly one million women were victimized by a hack at a laboratory conducting cervical cancer research. Madarie wanted to understand how the perpetrators think and act behind such attacks.
Madarie discovered distinct patterns in the behavior of malicious hackers and data thieves. “They first explore the digital network they’ve broken into, much like a burglar scouting a house before striking. Only then do they act.” This exploratory behavior is repeated each time they move through systems. The process takes time — which provides an important insight for companies: acting quickly can prevent major damage. The sooner IT security professionals detect an intrusion and patch vulnerabilities, the smaller the chance that criminals will succeed in stealing sensitive data.
The lure of easy targets
Madarie’s research further shows that offenders don’t just choose targets based on the value of the data, but also on how easy it is to gain access to a system. Organizations with weak digital security thus become more attractive targets. According to Madarie, this means that offenders are not only interested in large organizations with lots of sensitive data, but also in “low-hanging fruit.”
Illegal marketplaces with legal features
Madarie also focused on the online markets where stolen data are traded. She examined three types of platforms: a dark web marketplace, a hackers’ forum, and a so-called paste website. Strikingly, the trade in stolen data strongly resembles trade on legitimate online marketplaces. “Trust also plays a crucial role here. Sellers build reputations through feedback systems and other reputation indicators — just like on eBay or Vinted.” Even the payment systems show similarities: sometimes a middleman holds the money until the buyer is satisfied, in order to increase mutual trust in the anonymous illegal market.
What determines the value of stolen data?
Madarie analyzed more than a thousand advertisements on a dark web market to identify which factors influence buyers’ interest. Price appeared to matter little; language use mattered much more. Titles containing words such as “premium” attracted more attention, while the word “free” deterred buyers. “Free data may give the impression that they’ve already been misused several times, making them less valuable to criminals,” Madarie explained. Here too, cybercriminals’ behavior deviated from normal consumer patterns: products that were sold more frequently actually attracted fewer buyers. “In this world, it may be that the more often a dataset circulates, the faster it loses its value.”
Better understanding, better protection
Madarie’s research provides valuable insights for strengthening digital resilience. By understanding how data thieves think and act, businesses and governments can make more targeted investments in prevention and faster response. “Cybercriminals behave rationally, but also opportunistically. If we understand their behavior better, we can secure our systems more intelligently.” Her findings thus form an important foundation for new policies and further research into preventing data theft and the misuse of personal information.