The market for buying and selling stolen credit card numbers and access to financial accounts has reached the $276 million mark, according to a new report from Symantec Corp.
Symantec said the total value of the stolen data has risen sharply in recent years as spam gangs and individual phishers sell credit card information in bulk on Web forums and bulletin boards right in the public eye. The market has become so big that phishers have to fight for credibility in a seedy underground where it's common for cybercriminals to phish other phishers.
Symantec's Security Technology and Response gathered the data to develop the report. The organization observed underground economy servers between July 1, 2007 and June 30, 2008.
Stolen credit card data accounted for 31% of the total goods and services offered in the underground market. The fraudulent credit card numbers sell in bulk for anywhere from 10 cents to $25 per card. Symantec said the potential worth of all credit cards advertised during the reporting period was $5.3 billion.
In this edition of Security Wire Weekly (July 30), security researchers Billy Rios and Nitesh Dhanjani explain how they infiltrated the phishing underground in a preview of their Black Hat presentation: “Bad Sushi: Beating Phishers at Their Own Game.”
Access to stolen financial accounts represented 20% of the total. Symantec said stolen bank account information sells for between $10 and $1,000. The average advertised stolen bank account balance is nearly $40,000. The worth of the bank accounts advertised during the reporting period was $1.7 billion, Symantec said.
Symantec said its team observed nearly 70,000 active advertisers in underground forums. Though North America hosted the largest number of underground servers, Symantec said they are located throughout the world and constantly change to avoid detection.
"The underground economy is geographically diverse and generates revenue for cybercriminals who range from loose collections of individuals to organized and sophisticated groups," Symantec said in a statement.
Security researchers Nitesh Dhanjani and Billy Rios recently conducted research into the market for stolen goods. Over the course of a year they got friendly with phishers to understand how the black market works. In a presentation of their findings at the Black Hat briefings, the two researchers said that the barrier to entry into the market is very low. Automated tools, which can be purchased in the same underground forums, make it easy to get started.
"A lot of people we were talking to were not really very sophisticated," Rios said in a recent interview. "All it really requires is a little bit of time, reaching out to the right people, getting the right tools and then deploying them."
Finding the stolen data for sale is not difficult, Rios said. Many phishers share stolen credit card information on open bulletin boards available for anyone to access.
"There was no secret handshake, no private password and no registration," Rios said. "All the information was available for anyone to see."