The global financial crisis has ramped up the competition among cybercriminals, forcing them to offer a wide array...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
of products and services to stay competitive.
A new report, conducted by Panda Security, shows that cybercriminals endeavored to diversify their business activities in 2010. What was once a secretive market dealing primarily in illegally obtained data, now advertises on popular social networking sites and offers a myriad of services.
"More people are doing this … so there is more competition and they have to offer new stuff to be attractive," said Luis Corrons, technical director of Panda Security's PandaLabs research team.
Credit card and banking details were once the primary fixture of this criminal industry, but today cybercriminals are getting more specific, offering a menu of options, including specific credit card brands or for cards issued in a certain country. The most expensive card details come from European and Asian countries, according to the report, "The Cyber Crime Black Market," issued by Panda Security's PandaLabs research team.
Black market cyber-crime prices
Credit card details: $2-90
Money laundering: 10-40% of total
Card cloners: $200-1000
Spam rental: From $15
VPN rental: $20 for three months
Online Stores: $80-1500
Cybercriminals who sell the information offer it a la carte with elaborate pricing structures, Corrons said. Credit card details can be purchased for as little as $2 a card. Credit card details with a guaranteed line of credit can cost as much as $80 per card. These markets operate like true economies under the rules of supply and demand, Corrons said. They have pricing wars, deals, bulk discounts and special offers. They even offer money back guarantees.
Among the services made available for consumption are bank transfers and check cashing. Commissions run from 10% to 40% depending on the amount received. If stolen bank details are used, cybercriminals charge a delivery fee between $30 and $300. According to the Panda Security report, these prices are standard and the competition comes largely from the speed of the service.
PandaLabs researchers also discovered cybercriminals starting to market their services, expanding to social networks like Twitter and Facebook. While this was surprising to the research team, the trend is unlikely to continue.
"I don't think [the use of social networks] is going to be a trend because it's very easy -- if anyone reports that kind of usage of their account in Twitter or Facebook – for any of the two companies to close it," Corrons said.
Another new service is the development and indexing of fake online stores for the purpose of stealing credit card information. With this service, a buyer pays for the Web design and implementation of a fake online store. It's a practice used by cybercriminals peddling rogueware or fake antivirus software. The store seemingly sells software or some other product that is popular to buy online and prompts the victim to enter credit card data, just like a real online store. However, the victims will never receive their purchase and someone is stealing their data. The price depends on the project.
Also available is a purchasing and forwarding service, which a customer who is apprehensive of using a stolen credit card or committing mail fraud may find useful. With this service, the provider offers to buy products for the purchaser using the purchaser's illegally obtained credit card data and then forward those products to the purchasers address. This service costs a flat fee depending on the type of product being purchased and forwarded. This is essentially an immediate form of money laundering with an intermediary.
Luis CorronsTechnical Director, Panda Security
"You can find all kinds of services. … These were things I didn't see in the last two years and we are seeing them now," Corrons said.
Corrons said more law enforcement resources and cooperation between countries is needed to address the issue. Multiple jurisdictions make cracking down on cybercriminal operations a complicated problem, he said.
"It's not just everything about resources and putting money on the table," Corrons said. "One of the main problems law enforcements finds is that when these crimes happen, usually they happen in different countries and the main problem law enforcement has is that they can't act in other countries."