Re: Pricing intrusions

[justin.lister () csfb com (Lister, Justin)]

Stuart,

I'm not sure that such information is available.  I don't think there are
many surveys done on black market pricing.  
My guess is that the price is very negotiable, supply / demand in any case I
believe it would be tied to the perceived value of the information.

I provided some examples of valuable information in the finance industry.
It could be priced in specific examples but I'm not sure there is any
general way of pricing:
1. Encryption keys / passwords for exchange, swift, market data systems &
feeds (Systems and feeds used in trade execution, confirmations, payments
and pricing);
2. Proprietary software / financial models.  In some instances simple Excel
spreadsheets;
3. Internal research - Analyst reports;
4. Merger and Acquisition documentation;
5. Customer Information.

In any case business data is obviously far more valuable than personal
information (credit card, medical records, etc).

Regards, Justin

> -----Original Message-----
> From: Stuart Staniford-Chen <stuart () SiliconDefense com> 
> Sent: Tuesday, 12 Oct 1999 13:53:08 -0700
> To:   ids () uow edu au 
> Subject:      IDS: Pricing intrusions 
>
> I'm wondering if anyone has any data on what various kinds of data are
> worth
> if stolen.  (I'd like to be able to give a client some faintly
> quantitative
> information on what the economic value of their information is to a
> potential
> intruder).
>
> I don't even know the basics like what a credit-card number or calling
> card
> number is worth on the black market.  How about someone's medical records,
> communications with their lawyer, etc?
>
> I guess I'm very innocent not to know this :-)
>
> Thanks,
>
> Stuart.
>
> -- 
> Stuart Staniford-Chen --- President --- Silicon Defense
>                    stuart () silicondefense com
> (707) 822-4588                     (707) 826-7571 (FAX)