Measuring the Market for Hacked Data

Posted by: Aaron Ricadela on November 24, 2008

Cyber criminals have assembled a black market for information worth $276 million, according to a new study by computer security company Symantec, which is spotlighting the results as these underground transactions drive more hacking attacks.

Symantec toted up the advertised prices hackers posted on Internet forums for stolen credit cards, bank accounts, and identification data; plus hacking tools and pirated software between July 1, 20007 and June 30, 2008. The company gathered the information by monitoring the publicly available chat boards used to make markets in stolen data and malware. Among the top findings, according to Symantec vice-president of engineering Alfred Huger:
¶ Cyber crooks are working in groups to package stolen data with the software tools needed to launch new attacks.
¶ Hackers increasingly sell programming services to help others customize data-filching software to take advantage of new vulnerabilities in computer systems.
¶ A new underground market has emerged for services which will verify the authenticity of stolen credit card data by making small charges to the cards.

Symantec spotlighted its findings in its Nov. 24 Report on the Underground Economy. It’s the first year the company has broken the results out from its larger Internet Security Threat Report, which it issues each spring. Economic incentives are the motivation behind virtually all cyber attacks now, says Huger, and the company plans to incorporate some of the findings into its consumer- and business-oriented security software. “It’s pretty uncommon for us to see a piece of malware that isn’t written with the intention of stealing something off your PC,” he says.

Symantec monitored 69,130 advertisers of purloined information and hacking tools across 135 servers, and totaled the amount the sellers would have received if they sold everything at advertised prices. The Underground Economy report also put the value of hacked bank accounts and stolen credit cards’ charging power at $7 billion. The report comes as cyber criminals are sniffing new ground for potential targets, for example by infiltrating social networks.

Symantec on Nov. 17 said its CEO, John Thompson, will retire in April, and be replaced by current chief operating officer Enrique Salem.

Reader Comments

Paul Swanson

November 25, 2008 3:22 AM

Interesting article, however the report's findings would carry more weight if they weren't being issued by a company who's bread and butter is in selling computer security software.

best pc guide

November 25, 2008 2:15 PM

Great Information.I found your site very interesting With the right information Thanks.The advantages of online background checks include swifter results at low cost and easy communication during and after the background check is complete.

Al Huebscher

November 30, 2008 7:18 AM

Any way you slice it, the credit cards are responsible for fraud therefore it is in their best interest to investigate false charges to anyones credit cards. Although rare, I've had charges made to one of my credit cards. Inevitably the credit card company was responsible.
And, I agree with the previous comment by Paul Swanson, this article would hold more weight if it were written by someone other than a beneficiary of giving possible false information.

Post a comment

 

About

Bloomberg Businessweek writers Peter Burrows, Cliff Edwards, Olga Kharif, Aaron Ricadela, and Douglas MacMillan, dig behind the headlines to analyze what’s really happening throughout the world of technology. Tech Beat covers everything from tech bellwethers like Apple, Google, and Intel and emerging new leaders such as Facebook to new technologies, trends, and controversies.

Categories

 

BW Mall - Sponsored Links

Buy a link now!