In a document that reads like a modernized episode of The Untouchables, Symantec details a year spent tracking IRC chat channels and Web-based forums to collect data on how cybercriminals interact and how much the desired information costs.
Credit card information predictably comes in as the number one most prevalent and requested form of stolen data: 31 percent of the underground economy lists these numbers for sale, and 24 percent of those involved request them. Symantec explains that buying items online using a credit card — stolen or not — is much easier than using bank accounts or full-blown identity theft.
After bank accounts, phishing and spam are the third most requested method of ripping people off. Most often these types of attacks seem harmless and easily ignorable, but according to the report, these invasions cost U.S. consumers and businesses $2.1 billion in 2007.
Forty-one percent of the underground economy comes from the United States, and the runner up, Romania, accounts for 13 percent. Those stolen credit cards and bank accounts garnered some $275 million for hackers in 2007, but if every stolen credit card and bank account had been emptied, the report estimates the number would reach upwards to $7 billion.
The most disturbing trend revealed has to do with the patience of contemporary online thieves. Instead of the crazy bandit method of breaking into huge businesses and draining accounts, many hackers simply find the payment-processing systems and leave everything else alone. This sneaky approach gives hackers the valuable information they need without setting off loud alarms.
The timing of the report is both scary and convenient. With the holidays right around the corner, online thieves are more likely to attack, as credit card fraud is more difficult to track during peak shopping times. It’s also good for Symantec — anyone looking for computer security software now has a name for a stocking stuffer.