Symantec identifies underground criminal economy

News by Dan Raywood

An underground criminal economy is booming.

An underground criminal economy is booming.


According to Symantec's ‘Report on the Underground Economy', an underground economy has matured into an efficient, global marketplace where stolen goods and fraud-related services are regularly bought and sold.


It is also where the estimated value of goods offered by individual traders is measured in millions of pounds, the potential value of total advertised goods observed by Symantec was more than £184 million for the reporting period.


Credit card information is the most advertised category of goods and services on the underground economy and accounts for 31 per cent of the total. While stolen credit card numbers sell for as little as seven pence to £17 per card, the average advertised stolen credit card limit was more than £2,650. Symantec has calculated that the potential worth of all credit cards advertised during the reporting period was £3.53 billion.


The second most common category of goods and services advertised was financial accounts at 20 per cent of the total. While stolen bank account information sells for between £6.50 and £650, the average advertised stolen bank account balance is nearly £26,700.


Calculating the average advertised balance of a bank account together with the average price for stolen bank account numbers, the worth of the bank accounts advertised during this reporting period was £1.1 billion.


John Turner, VP EMA pre-sales at Symantec, said: “I believe that the up and coming area is ID theft, as once you have credit card information, bank account details, a person's address, you have the keys to the kingdom effectively.”


During the reporting period, Symantec observed 69,130 distinct active advertisers and 44,321,095 total messages posted to underground forums. The potential value of the total advertised goods for the top 10 most active advertisers was £10.8 million for credit cards and £1.3 million for bank accounts.


Turner said: “We got a lot of information from online forums for this report and we found that things are a lot more sophisticated as people are protective of what they say and what is going on. We are looking at gangs that are moving more underground.”


Furthermore, the potential worth of the goods advertised by the single most active advertiser identified by Symantec during the study period was £4.2 billion.


Stephen Trilling, vice president, Symantec security technology and response, said: “As evidenced by the Report on the Underground Economy, today's cybercriminals are thriving off of information they are gathering without permission from consumers and businesses. As these individuals and groups continue to devise new tools and techniques to defraud legitimate users around the globe, protection and mitigation against such attacks must become an international priority.”


Turner said: “This is a culmination of what activity we have seen in security, as the people who are operating now have gone from seeking fame to fortune, the lower the profile the better.


“We started to look at this around three years ago as we were talking about the underground economy and we had the information to quantify the data so we decided to compile it.


“We are not sure if these figures are the tip of the iceberg as a lot of the spam is coming from private enterprise, and as more and more operations are exposed the figures could change. We don't have the proof to identify companies being operative as they are using more and more sophisticated moves, but they are doing all of the things that a legitimate business would do, and in some instances they are more mature, as they are trying to make more long-term profits.”


In order to control, catch and ultimately seize those responsible, Turner claimed a coalition concept would work with a combination of network and software development, as well as law enforcement involvement.


“It is a problem everyone needs to be aware of. It is not just a case of having the right anti-virus anymore, it is about anti-spam, encryption and data loss prevention. For larger companies it is about protecting where the information goes out to and taking a holistic view about protection", said Turner.


“We have customers asking us why legislation is not put in place to go after these people, and the truth is that the problem is worldwide and the botnets can be hosted in any country.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews