Exploring trust signals and pathways on cybercrime-as-a-service markets: The case of remote access trojans
摘要
As digital technologies evolve, Cybercrime-as-a-Service (CaaS) markets make sophisticated tools, such as Remote Access Trojans (RATs), available to individuals with limited technical expertise. By reducing technical complexity and perceived risk, these markets may create new pathways into cybercrime. Using Gambetta’s (2009) signaling theory of trust, this study explores how CaaS markets trading RATs facilitate involvement into cybercrime. A multifaceted qualitative approach is used to collect data from 21 expert interviews and covert non-participant observations on six online platforms. The findings suggest that CaaS markets become approachable for newcomers by making RATs easier to access, use, and justify. These markets do not facilitate involvement through one single factor, but through a combination of accessibility, user-friendly design, neutralizing messages, and trust signals. Trust in CaaS markets is established and maintained through two types of signals: structural signals and seller-driven signals. Our study highlights how CaaS markets lower barriers to cybercrime through accessible tools and trust signals, emphasizing the importance of disrupting these mechanisms.