Cybercriminals have been scared away from Web forums to Internet Relay Chat (IRC) servers where they continue to do a brisk trade of financial information worth billions of dollars, according to a new report from Symantec Corp.
In an “underground economy” where credit card numbers are sold in bulk and an average bank account is worth less than $100, cybercriminals advertised $276 million worth of illegal services over a one-year period. The report covers cybercriminal activity from June 30, 2007 to July 1, 2008 and was released today.
The amount of money crooks could tap into from stolen lines of credit and bank accounts is more than $7 billion, according to Dean Turner, director of global intelligence network for Symantec Corp. It shows that despite some victories for the law, criminal activity is booming.
“Because of the high-profile arrests we see around these Web forums, these groups are having to cooperate in ways we haven’t seen before,” Turner says. “Everything that is required by these guys to conduct cybercrime activities – not only stealing information, but the distribution tools too – is all available in this tightly knit, yet decentralized system.”
In the underground world of hackers and identity thieves, members must build up credibility and prove their ability before they are let into a group. It takes a long time, and requires the members of Web forums maintain a username and connect with the same IP address. But this honour amongst thieves system also baits the likes of the FBI and RCMP.
Law enforcement infamously infiltrated the forum Shadowcrew.com in 2005 and charged several members with credit card fraud. Now cyber-crooks are shying away from Web forums and reverting to IRC rooms to conduct their business. Though an older channel than Web forums, there are so many IRC servers and chat rooms that it is almost impossible to find the criminal activity taking place within its labyrinthine structure.
A graphic that adorned the Shadowcrew home page.
“They’re seeking out public forums where they can hide in plain sight,” Turner says. “The number of users on IRC dwarfs the stuff we saw on Web forums.”
The Shadowcrew forum had between 3,000 and 4,000 registered members. But there are tens of thousands of cybercriminals using IRC. All are members of a group motivated by an impressive amount of wealth to be gained in this lucrative marketplace. Law enforcement officials have caught cybercriminals flush with cash, driving expensive cars, and living in luxury condos.
North America is host to the biggest proportion of underground IRC servers, a huge majority of those residing in the U.S. While Canada ranks fifth in the world with five per cent of servers hosted here, the U.S. ranks first with 41 per cent of servers hosted there.
Canada’s portion of underground IRC servers is just a small portion of the North American total.
“It has potential to generate millions of dollars in revenue for the individuals involved,” Turner says. “One grou made about $4.5 million using stolen credit cards over a couple-year period.”
Credit cards were the most popular item to sell in the underground, according to the report. It accounts for 59 per cent of all advertised goods on the market, with an estimated potential value of $5.3 billion. Bank accounts accounted for about eight per cent of services advertised, with an estimated worth of $1.7 billion.
Criminals also traded the tools needed to harvest such valuable information. For example, spam and phishing information was number five on the list at six per cent. Next was financial theft tools, at about one per cent of services. Web site accounts and online gaming accounts were also on offer.
When it comes time to close a deal, cyber-crooks have their own version of dropping a brief case at a park bench. They prefer to use online currency accounts that don’t require they register with real identity information. They will also use proxy servers to mask where they connect from. Trade is also a popular option.
“Let’s say I have a collection of credit card numbers,” Turner says. “Perhaps I want to trade those things for a 150,000 machine botnet.”
The black market for financial information is so saturated that credit cards are often sold in bulk. Access to bank accounts is discounted.
“If you’ve got a bank account with $40,000, chances are it will cost $1,000 to purchase that,” the security expert says. “If you’ve got a bank account with $2,500 it it, you’re probably looking at a $10 sales price.”
Tips to protect yourself
- Use an e-mail filter to block fraudulent messages that are often used in phishing attacks
- Use many layers of security such as anti-virus software, firewalls, and anti-phishing toolbars for your browser
- Limit the amount of sensitive personal information on your computer.
- Use strong passwords and change them on a regular basis.
- Do not store online account passwords with your Web browser’s automatic feature.