Measuring the Market for Hacked Data
Posted by: Aaron Ricadela on November 24, 2008
Cyber criminals have assembled a black market for information worth $276 million, according to a new study by computer security company Symantec, which is spotlighting the results as these underground transactions drive more hacking attacks.
Symantec toted up the advertised prices hackers posted on Internet forums for stolen credit cards, bank accounts, and identification data; plus hacking tools and pirated software between July 1, 20007 and June 30, 2008. The company gathered the information by monitoring the publicly available chat boards used to make markets in stolen data and malware. Among the top findings, according to Symantec vice-president of engineering Alfred Huger:
¶ Cyber crooks are working in groups to package stolen data with the software tools needed to launch new attacks.
¶ Hackers increasingly sell programming services to help others customize data-filching software to take advantage of new vulnerabilities in computer systems.
¶ A new underground market has emerged for services which will verify the authenticity of stolen credit card data by making small charges to the cards.
Symantec spotlighted its findings in its Nov. 24 Report on the Underground Economy. It’s the first year the company has broken the results out from its larger Internet Security Threat Report, which it issues each spring. Economic incentives are the motivation behind virtually all cyber attacks now, says Huger, and the company plans to incorporate some of the findings into its consumer- and business-oriented security software. “It’s pretty uncommon for us to see a piece of malware that isn’t written with the intention of stealing something off your PC,” he says.
Symantec monitored 69,130 advertisers of purloined information and hacking tools across 135 servers, and totaled the amount the sellers would have received if they sold everything at advertised prices. The Underground Economy report also put the value of hacked bank accounts and stolen credit cards’ charging power at $7 billion. The report comes as cyber criminals are sniffing new ground for potential targets, for example by infiltrating social networks.
Symantec on Nov. 17 said its CEO, John Thompson, will retire in April, and be replaced by current chief operating officer Enrique Salem.