Cybercrime worth millions

The underground economy of cybercrime activity on the Internet published last week provides some frightening data about the amount of money criminals are making online.

Internet security firm Symantec estimates that millions of dollars are being siphoned off through a wide variety of scams.

The Underground Economy report was based on information gained in the year ending July 2008.

Symantec defines cybercrime as any crime that is committed using a computer, network, or hardware device.

The computer or device may be the agent of the crime, the facilitator of the crime or the target of the crime.

Two of the most common platforms available to participants in the online underground economy were channels on IRC services and web-based forums.

Both featured discussion groups that participants used to buy and sell fraudulent goods and services.

Items sold included credit card data, bank account credentials, email accounts and just about any other information that could be exploited for profit.

Services could include cashiers who could transfer funds from stolen accounts into true currency, phishing and scam page hosting and job advertisements for roles such as scam developers or phishing partners.

Symantec said many of the goods and services advertised on underground economy servers formed a self-sustaining marketplace.

Spam and phishing attempts were attractive because of their effectiveness in harvesting credit card information and financial accounts.

Along with the potential financial gain from the sale of such information, the profits could also help build an underground economy business as profits from one exploit could be reinvested and used to hire developers for other scams.

They could also be used to purchase new malicious code or new phishing tool kits.

Goods and services

The potential value of total advertised goods in this sample was more than $US276 million ($NZ511 million) for the reporting period.

The value measured how much advertisers would make if they liquidated their inventory and was determined using the advertised prices of the goods and services.

During the reporting period, the category of credit card information accounted for 31% of all advertisements for sale.

It was also the most requested category with 24% of the total requested advertisements.

Bank account credentials were the most commonly advertised item for sale on the underground economy servers known to Symantec, accounting for 18% of all items.

Prices for bank account credentials ranged from $US10 to $US1000.

Symantec observed 44,572 unique samples of sensitive information publicly posted on underground economy servers, accounted for 10% of the total distinct messages.

Credit card information was the most common unique sample posted on underground economy servers, accounting for 59% of the total.

The potential worth of credit card information and bank account credentials on underground economy servers during this reporting period was $US7 billion.

Malicious Tools

The highest priced attack tools during the reporting period were botnets which sold for an average of $US225.

Phishing scam hosting services were offered for an average price of $US10 with prices ranging from $US2 to $US80.

The average price of a keystroke logger advertised on the underground economy was $US23.

The highest ranked exploit was site-specific vulnerabilities in financial sites which were advertised for an average price of $US740 with prices ranging from $US100 to $US2999.

Advertisers

The potential worth of credit card information and bank account credentials on underground economy servers for the 10 most active advertisers was $US18.3 million.

Symantec observed 69,130 distinct active advertisers and more than 44 million total messages posted on underground economy servers during this reporting period.

The top 10 most active advertisers accounted for 11% of the total messages posted, six of the top 10 had credit card information as their top category for sale.

The most active advertiser posted messages for a wide array of goods and services that covered 15 counties throughout the world.

Servers and Channels

Ninety-eight percent of underground economy servers had life-spans of less than six months.

One of the largest IRC server networks observed had about 28,000 channels and 90,000 users at one point.

In contrast, one of the smallest underground economy servers had only five channels and 40 users.

The North American region had the largest number of underground servers, hosting 46% of the total.

Software Piracy

Desktop games were the most pirated software, accounting for 49% of all file instances observed.

Individual prices of software ranged from $US20 to $US8000.

The approximate value of all categorised file instances observed by Symantec was $US84.3 million.

Multimedia software accounted for about $US53 million of the total.

The top country for file instances was the United States followed by the United Kingdom.

Symantec said governments had become more sophisticated in their awareness of cybercrime and specific legislation had been developed at national and international levels to combat online fraud.

As with crime anywhere, the online underground economy would continue to be a struggle between participants looking to profit from fraud and the various authorities and anti-fraud organisations trying to shut them down.