Why Cybercrime is Thriving

A new Symantec report finds that despite shaky times for economies around the world, the underground economy is booming and cybercriminals are making big bucks. The research, titled Report on the Underground Economy , was conducted from July 2007 through June of this year and brings cybercrime activity in the underground economy into a sharper focus. The survey looks at the groups involved in today's black market, as well as the major advertisers, and the most popular goods and services available. Symantec puts that value of goods advertised by criminals at US$276 million.

According to the survey, criminals are increasingly turning to IRC servers and Web-based forums to conduct fraudulent business to buy and sell fraudulent goods and services like credit card data and bank account credentials. The system in which these transactions take place is now very sophisticated, and includes job functions such as cashiers who can transfer funds from stolen accounts into true currency. New roles also include phishing and scam page hosting, and job advertisements are even posted for roles as scam developers or phishing partners.

CSO spoke with Dean Turner, Director, Global Intelligence Network, Symantec Technology and Response, for his take on the results.

What was most compelling thing about these findings for you?

I think first and foremost it's the scope: The actual dollar amounts we are talking about, in terms of money lost and potential values and advertised values. Five years ago this wasn't as established as we see it today. Now it's multinational, it's decentralized. In terms of just advertised prices of things for sale, we are talking about in the hundred of millions of dollars. When we add all that up, we're talking about $276 million in advertised goods that we observed in a one year period. We chart things like credit cards, for instance. The potential worth of credit cards traded online during that year was around $5.3 billion.

Five, ten years ago we were talking about people trading wares. People were trading software and making that available. Now we have credit cards, personal identities, bank accounts. I don't think anyone has ever put numbers to that. We are talking about billions of billions of dollars worldwide. This is a serious economic problem.

Talk about that a bit more. Are you saying this is a serious problem for the individuals affected, the victims? Or are you stating there is a larger economic impact to this?

I'm referring first and foremost to individuals. But I think it has larger economic impact because of the model itself. When we look at the way that they are doing this and its anonymous nature, it has larger implications when we talk about how we put a stop to this. How does law enforcement do that? We obviously need increased cooperation between law enforcement agencies worldwide. Criminals are using things like Internet Relay Chat -- which is highly anonymous and difficult to track. If we can't indentify who and where the criminals are, all the cooperation in the world won't make it any easier to find them. How are we going to put a clamp down on this problem? And obviously, when we look at these numbers, we see this is a problem that isn't getting better, it's getting worse.

Page Break

As it is getting worse, it seems to be getting much more sophisticated. Can you give some details of the new roles that have evolved in this black economy?

It's incredibly sophisticated. It's a self-sustaining economy. It mimics traditional free-market capitalist market economics. It's all about supply and demand.

Look at the goods and services that are advertised online. Credit card information, for instance, was 31 percent of all advertisements online. Because of the demand, dollar amounts are being funneled to other places. You can buy all the tools necessary to actually aid in the collection of and the theft of credit card information. It is its own little self-sustaining world that operates like any other physical black market economy.

One category that is rising quickly is financial accounts. What is for sale and what is bought and sold are things that result in a quick transfer of cash. Credit cards are used to buy other items online. But we are seeing an increase in financial accounts where money can be cashed out immediately.

And there are new job classes. We have seen development in the role of the "cashier." Cashiers are in the country where the money is being cashed out and they will recruit people who fit the profile of the person being scammed. That person goes to that service where they money is being held and cashes out that money. Financial accounts can hold balances up to $40,000. So, if you've got a compromised account and can transfer those funds to another account, that is real cash immediately.

Give us a picture of just how lucrative it is to deal in cybercrime.

All told, when we look at the top 10 advertisers, they make up a small proportion. The underground economy also has a lot of casual participants. IRC has tens of thousand of participants and they are making real money.

How are these criminals communicating now? Is it as easy as a Google search to find black market-type information?

Sadly, you probably could do that. We've seen video tutorials on YouTube for that sort of thing. Not to say YouTube is a haven, but that's one of the kinds of mediums now used. We've seen groups like the Shadow Crew in the past that have set up web sites. Now there us a fair amount of attention paid by the FBI and The US Secret Service to targeting groups with a web presence. And the net affect is they have done a great job shutting down these groups, like the Shadow Crew. I think Shadow Crew was responsible for about ten million bucks in credit card fraud in just 2 years.

Page Break

But what is happening now is they are being driven further underground to more anonymous places activity, like Internet Relay Chats. What is interesting is IRC has been around for a long time. The net affect is these criminals are just leveraging technology that had been available to them. Criminals are criminals are criminals. They are going to always utilize the technology that's available to them.

How is recruiting done now in the underground economy?

Previously, in the web-form world, you had to have some kind of credibility. You could register as a user on these sites and be certain class of users until you provided more information. But with groups now, their membership base is tightly held. So, we don't know really how they are recruiting except to say probably by word of mouth and usually in closed channels, not on the web.

In terms of IRC, whether you are buyer or a seller, you can log into a relay chat, pick a server and join in. You sit there and watch. If you are a criminal and you know of a data base of social security or credit card numbers, you type in a channel and say: "I've got numbers available." You will have people contact you within in seconds.

Who are the criminals these days and where are they located?

I think the popular consensus is these are kids in the basement that are bored: a 14-year-old teen hacker. That is not the case. That is really not the case. We looked at differences in Eastern Europe, Russia and North America in terms of the type of criminal we are talking about. In Eastern Europe and Russia it's much more organized, much more tightly knit. In North America, it's a looser association.

What is interesting is the groups have to work in concert together. Eastern Europeans and Russians are more into producing physical materials, like fake credit cards or ATM cards. But in order to get that they have to work with counterparts in North America to get access to things like North American banks or ATMs. So in that need to work together, we see a sort of a delineation of duties, like in any company. You've got the guy who is the phishing specialist, the guy who is the spam specialist or the malicious code specialist, all working together to have this large distribution network to get threats out there and gather info needed to steal things like credit card numbers.