The underground economy of cybercrime activity on the
Internet published last week provides some frightening data
about the amount of money criminals are making online.
Internet security firm Symantec estimates that millions of
dollars are being siphoned off through a wide variety of
scams.
The Underground Economy report was based on information
gained in the year ending July 2008.
Symantec defines cybercrime as any crime that is committed
using a computer, network, or hardware device.
The computer or device may be the agent of the crime, the
facilitator of the crime or the target of the crime.
Two of the most common platforms available to participants in
the online underground economy were channels on IRC services
and web-based forums.
Both featured discussion groups that participants used to buy
and sell fraudulent goods and services.
Items sold included credit card data, bank account
credentials, email accounts and just about any other
information that could be exploited for profit.
Services could include cashiers who could transfer funds from
stolen accounts into true currency, phishing and scam page
hosting and job advertisements for roles such as scam
developers or phishing partners.
Symantec said many of the goods and services advertised on
underground economy servers formed a self-sustaining
marketplace.
Spam and phishing attempts were attractive because of their
effectiveness in harvesting credit card information and
financial accounts.
Along with the potential financial gain from the sale of such
information, the profits could also help build an underground
economy business as profits from one exploit could be
reinvested and used to hire developers for other scams.
They could also be used to purchase new malicious code or new
phishing tool kits.
Goods and services
The potential value of total advertised goods in this sample
was more than $US276 million ($NZ511 million) for the
reporting period.
The value measured how much advertisers would make if they
liquidated their inventory and was determined using the
advertised prices of the goods and services.
During the reporting period, the category of credit card
information accounted for 31% of all advertisements for sale.
It was also the most requested category with 24% of the total
requested advertisements.
Bank account credentials were the most commonly advertised
item for sale on the underground economy servers known to
Symantec, accounting for 18% of all items.
Prices for bank account credentials ranged from $US10 to
$US1000.
Symantec observed 44,572 unique samples of sensitive
information publicly posted on underground economy servers,
accounted for 10% of the total distinct messages.
Credit card information was the most common unique sample
posted on underground economy servers, accounting for 59% of
the total.
The potential worth of credit card information and bank
account credentials on underground economy servers during
this reporting period was $US7 billion.
Malicious Tools
The highest priced attack tools during the reporting period
were botnets which sold for an average of $US225.
Phishing scam hosting services were offered for an average
price of $US10 with prices ranging from $US2 to $US80.
The average price of a keystroke logger advertised on the
underground economy was $US23.
The highest ranked exploit was site-specific vulnerabilities
in financial sites which were advertised for an average price
of $US740 with prices ranging from $US100 to $US2999.
Advertisers
The potential worth of credit card information and bank
account credentials on underground economy servers for the 10
most active advertisers was $US18.3 million.
Symantec observed 69,130 distinct active advertisers and more
than 44 million total messages posted on underground economy
servers during this reporting period.
The top 10 most active advertisers accounted for 11% of the
total messages posted, six of the top 10 had credit card
information as their top category for sale.
The most active advertiser posted messages for a wide array
of goods and services that covered 15 counties throughout the
world.
Servers and Channels
Ninety-eight percent of underground economy servers had
life-spans of less than six months.
One of the largest IRC server networks observed had about
28,000 channels and 90,000 users at one point.
In contrast, one of the smallest underground economy servers
had only five channels and 40 users.
The North American region had the largest number of
underground servers, hosting 46% of the total.
Software Piracy
Desktop games were the most pirated software, accounting for
49% of all file instances observed.
Individual prices of software ranged from $US20 to $US8000.
The approximate value of all categorised file instances
observed by Symantec was $US84.3 million.
Multimedia software accounted for about $US53 million of the
total.
The top country for file instances was the United States
followed by the United Kingdom.
Symantec said governments had become more sophisticated in
their awareness of cybercrime and specific legislation had
been developed at national and international levels to combat
online fraud.
As with crime anywhere, the online underground economy would
continue to be a struggle between participants looking to
profit from fraud and the various authorities and anti-fraud
organisations trying to shut them down.
