It may be a gloomy financial picture out there for those who make an honest day's living, but for thieves, hackers, and traffickers in stolen data, business is booming.
That's the premise of security firm Symantec's "Report on the Underground Economy," released November 24. The firm analyzed trends in Internet-based crime from July 2007 to June 2008, including extensive monitoring of networks and servers owned by groups that trade in stolen personal information, such as credit card numbers.
"The underground economy has matured into a global market with the same supply and demand pressures and responses of any other economy," the report authors said. "There are a great many servers and channels available to advertisers to market their wares, which they do, and often."
The company's team monitored 44,752 unique samples of personal information publicly posted on underground economy servers while researching the report. Symantec estimated that the total value of the information they monitored was over $276 million dollars.
Available for sale
Credit card information, including numbers and card verification value (CVV2) security codes, were the most heavily advertised items in the underground economy, accounting for 31 percent of the total information surveyed by the researchers.
It was also the most demanded item by other traders in the economy, owing to the ease with which credit card information can be used to make online transactions with little verification involved.
While stolen credit card numbers sell for as little as $0.10 to $25 per card, the average limit of stolen credit card accounts was $4,000, according to Symantec. Traffickers using stolen credit card information often focus on making small purchases at online stores to avoid being detected, particularly during high-volume times such as the holiday shopping season.
The second highest category of requested information was personal banking data, such as account numbers, online payment information, and online stock trading accounts. Criminals use stolen bank account information to cash out or launder the funds they steal from other activities, often assuming the identity of the victim or sending intermediaries to procure the hard currency.
The average total worth of observed bank accounts was $40,000, the report said.
Stolen bank accounts also fetched a much higher price than credit card information in the underground economy, with accounts ranging from $10 to $1,000 in price. Business accounts, overseas accounts, or those with bundled personal information tilted to the more expensive end of the spectrum.
The third ranking category of available information included email passwords, email accounts, and other information that could be used to spam unsuspecting users or "phish" for more personal and financial information.
Shadow gatherings
The black market for selling and buying stolen information congregates in various places around the Internet, chiefly in Internet relay chats (IRC) and Web forums, the report said. IRC forums had the advantage of being quick and easy to set up for the purposes of selling data, and equally quick to disassemble if word got out that they were being watched or that a sting by authorities was underway.
Web forums were more accessible and stable to use for regular transactions, but also increased the risk of getting caught.
Both forums and their users relied on trust and reputation to verify the people they did business with, whether through a common nickname or user alias or verifying beforehand if the goods being sold were genuine.
Using regular aliases helped many sellers establish credibility, but it also increased their visibility to authorities. Many traders often changed their nicknames to escape a bad reputation or potential investigation.
Even in an underground economy, there were standards of conduct. "Rippers," those who sold fake personal information, were harshly punished in the underground communities, often quickly banned from forums within moments of being discovered.
North America hosted the largest number of underground economy servers (46 percent), followed by Europe, the Middle East, and Africa combined at 38 percent. The United States had the dubious honor of being the country with the single largest number of servers hosting underground transactions, at 41 percent, owing to both its expansive broadband Internet access and status as a large cybercrime center.
Romania was the second largest host of underground economy transactions at 13 percent, followed by Germany at 11 percent.
