A peek into the underground economy and the market for stolen credit cards

Linda Musthaler
By | February 17, 2012

Posted in: Network Security Trends

There’s a great article from Bloomberg (Stolen credit cards for $3.50 online) in which author Michael Riley explores the depths of the underground market for stolen credit card data. Reading this is enough to make you want to stuff all your money in a mattress for safe keeping.

By some estimates, the underground digital economy has now surpassed the estimated value of the international cocaine market. Oddly enough, this underground market actually functions like a legitimate economy in many ways. Not only do hackers sell their malware as if it were commercial software – complete with upgrades from time to time – but novice cyber criminals also can obtain training on how to get into the business. Black hat entrepreneurs offer translation services so those phishing scams can reach target victims in their native languages. What’s next, hacker support hot lines? (Maybe not hotlines, but there are chat rooms for sharing tips and “best practices.”)

"The problem is getting worse faster than we're getting better," according to Tony Sager, the chief operating officer of the Information Assurance Directorate at the National Security Agency, which includes some of the U.S. government's best cyber experts. "We're not keeping pace."

2009 was a turning point year for the malware industry. In 2009, Symantec cataloged 2.8 million new viruses infecting computers. A year later that number had jumped to 286 million. This is the time frame when Zeus and its stepchild SpyEye came onto the scene, changing the illicit business model from “write your own code” to “buy the malware starter kit.” It allowed countless criminals with no technical knowledge to enter the market.

Riley’s article does offer some hope for the white hats. The FBI and its international counterparts have learned some lessons from big take-downs in the past year. And as we’ve seen with the dramatic drop in spam when just one or two botnets were dismantled, all it takes is one good crime bust to put a dent in the underground market, at least for a while.

You May Also Be Interested In: