November 23, 2008 9:01 PM PST

Symantec says Internet underground economy is organized and rich

by Elinor Mills

Screenshot of IRC discussion between people buying and selling tools for cybercrime.

(Credit: Symantec)

Did you know that you can buy a keystroke logger for $23 or pay $10 to have someone host your phishing scam? Having a botnet at your fingertips will cost you $225, and a tool that exploits a vulnerability on a banking site averages $740 and runs as high as $3,000.

That's according to the Symantec Report on the Internet Underground Economy due to be released Monday.

Symantec researchers spent a year observing the chat among cybercriminals on IRC channels and forums on the Internet between July 1, 2007 and June 30, 2008 and were able to piece together a veritable menu of malicious code, as well as dig up detailed information on the exchange of highly prized financial information.

For example, credit card information accounted for more than 30 percent of all of the types of goods and services sold and was the most requested category. Bank account credentials were the most commonly advertised thing for sale on underground economy servers monitored by Symantec, with prices ranging from $10 to $1,000 depending on the balance and location of the account.

This is a lucrative business, Symantec has discovered. If the sellers were able to sell everything they were offering, the amount would reach more than $275 million. That represents just the sales amount. Factoring in the emptying of victims' accounts and maxing out credit cards, the potential worth of credit card information and bank credentials for sale would be $7 billion, the report estimates.

The report also studied trends in software piracy, with researchers monitoring those sales between July and September of this year. The most pirated software was found to be desktop games, followed by utility applications and then multimedia software, such as photo editors, 3D animation, and HTML editors.

There is some interesting geographical data as well. Most of the people uploading pirated software to be sold were in the United States, the report found. The U.S. was home to most of the underground economy servers (41 percent), followed by Romania (13 percent), and North America had the largest number of underground economy servers.

Meanwhile, cybercriminals in Russia and Eastern Europe appear to be more organized than their counterparts in North America, who are "often made up of acquaintances who have met in online forums and/or IRC channels," the report says.

"The big picture is this system is highly self-sustaining. You can buy the attack tool kit, use it to steal information and sell that information to others in the economy," Zulfikar Ramzan, technical director of Symantec Test and Response, said in an interview. "You don't need to have expertise in every area of cybercrime. You can have expertise in just one area and with others, form a supply chain to make money."

The report joins a growing list of research devoted to the organization and sophistication of the cyber underground. Affinion Group, as well as McAfee and Finjan, monitor such underground marketplaces. RSA discovered that data from 550,000 online bank accounts and credit card accounts was stolen with the aid of one Trojan, and has done research on the "Internet Fraud Chain".

This table shows the sales price and estimated value of pirated software sold on underground economy servers monitored by Symantec.

(Credit: Symantec)

Updated Nov. 24 with Symantec researcher comment and background on other research.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
by Mr. Dee November 23, 2008 9:21 PM PST
I knew about the credit card racket from 2006 from 20/20 ABC.
by HlLLARY CLITON November 23, 2008 10:06 PM PST
if the govt could only figure out a way to tax this
by WayneSMT November 24, 2008 1:38 AM PST
The government will find a way to shut down the net and yet still keep their stuff up. They have to, the underground theft is in direct opposition of the government's theft. Who do you think carries the bigger stick? I'm betting on the government. There will come a day real soon, that the internet will go down and all communication will go down. It will come back up. But it will not be the same and it will not be inclusive as it is now.
by GoldenBunip November 24, 2008 1:39 AM PST
The fact that all of these illegal banking and credit card details are for sale on line shows the complete lack of ANY understanding in international policing of IT.
I bet that if I put an advert in The Times (any country's version) for selling personal credit card details I would be arrested by the end of the day, yet the underground can simply use tools such as IRC to freely advertise all manner of illegal goods with relatively low risks.
Come on, police, get a grip and close the sites and chase the sellers. How obvious do the criminals have to get? Would they even manage to chase and arrest somebody selling bank details on Ebay?
The state of cyber detection is appalling, allowing every type of illegal criminals to flourish, from terrorists, paedophiles to human traffickers (what a nice way of saying slavery).
by thelemurking November 24, 2008 7:23 AM PST
If you really believe the police can shut down IRC, then you got a lot to learn. There's countless thousands of underground IRC servers, a lot with legit channels, but then there are private channels for just about anything you could imagine. If you manage to knock out IRC through some bit of magic and some strange planetary cosmic alignment... there's still tons of other ways to communicate. Do you really think people this well organized would fall apart because you shut down their little chat room?
by skswave November 24, 2008 4:49 AM PST
It's time for all of the major service providers to support the hardware authentication that is in over 275 million PCs. The TPM can provide a significant reduction of our reliance on UserID and passwords. This technology will find its way into every consumer PC over the next few years; it is already in every business PC. As users we know how to secure our garage door openers and our portable phones to their base stations; it is time we learn to register our PCs with our service providers. Each service can have its own separate identity. It is time Ebay, google, Yahoo, Citibank and others take our security seriously.

You can't sell digital identities if you can't steal them. A TPM will eliminate the bulk of phishing attacks and make it really hard to sell secret keys if they are protected by a hardware vault on your motherboard.

There is still much work to do but the foundation for a more secure internet is being laid.


Steven Sprague
CEO
Wave Systems Corp.
by knowles2 November 24, 2008 7:37 AM PST
And is that not what they said about chip and pin: completely secured, will never be cracked and will be the end of banking fraud? It was cracked even before it became widely used in Britain. The same with the above system: it will be cracked, just a matter of time. I reckon less than six months before it becomes widely available it will be cracked and busted wide open for all to take advantage. If not, it won't take long after it is deployed before it is cracked. Nothing is one hundred percent secured and nothing ever will be.
by metonymy November 24, 2008 12:10 PM PST
Mr. Sprague, CEO, Wave Systems Corp. -- you reference "Ebay, google, Yahoo, Citibank":

What about the members of the Trusted Computing Group (i.e., TCG)? https://www.trustedcomputinggroup.org/about/members/

Of the 140 "Current Members", why have we not heard nor seen anything from the TCG leaders -- i.e. the "Promoters", AMD, Fujitsu, HP, IBM, Infineon, Intel, Lenovo, Microsoft, Seagate, Sun Micro -- about how they are implementing TCG-tech in-house to secure their IT infrastructure?

Isn't it odd that TCG "Promoters" don't publish case-studies of their own "successful TCG-tech implementations" in order to PROMOTE the relevance of industry-standard security they took part in developing?

Do you think "Ebay, google, Yahoo, Citibank" would follow suit and "take our security seriously" if TCG would lead by example?

Sorry, Mr. Sprague, your finger-pointing at "all the major service providers" rings rather hollow, when your own compatriots at the TCG have not showcased one real-world example of how a major corp. is securing its own IT?

Please correct me if I'm wrong but, of what purpose are your comments? Can your fellow Wave colleague, Mr. Berger (also of the TCG), offer an answer for why TPMs remain dormant, apparently even at the TCG cos. who spawned them?
by metonymy November 25, 2008 10:37 PM PST
Mr. Sprague, CEO, Wave Systems Corp. -- "There is still much work to do but the foundation for a more secure internet is being laid":

yes, Mr. Sprague, and now that what seems like brother's tvtonic/wavexpress experiment has apparently elected to quit draining Wave's distressed cash resources, does Wave have cash on hand to perform such "much work"?

and, just how did this alleged tvtonic/wavexpress experiment fit into your vision of leading Wave Systems to profitability?

did you just now realize there was "still much work to do", such that you formerly found it prudent, over the last 5-6 years, to continue funding a money-losing venture, tvtonic/wavexpress?

alas, steve sprague, unless you have some plan that successfully materializes and makes good on promise you alluded to regarding success leading to appreciation in WAVX shares over that last 5, 6, 7, 8 years?... i deem you to be a failure from the perspective of a WAVX shareholder -- whatever you may have accomplished in spearheading and advancing "trusted computing", in my opinion, you wholly squandered about $200 million +/- to provide no return for shareholders who held confidence in your being genuine and true.

sorry, steve, please show those shareholders who hold confidence in your being genuine and true why you are worthy of such trust -- otherwise, may i suggest that you be honorable, in my opinion, and: (1) concede that you enjoyed the ride at shareholders' expense? and, (2) admit that, while "the foundation for a more secure internet is being laid", you failed to capitalize on said foundation in terms of WAVX shareprice appreciation?

sorry, steve -- as a country, we're in rather bleak times financially; are you going to allow for the ultimate insult to your WAVX shareholders and effectively abandon WAVX shares via a bankruptcy filing or something similar? AND claim fault was not yours, mr. ceo?

November 24th, 2008 @ 15:28

To Our Users
by TVTmichael in System Status
http://www.tvtonic.com/news/?p=157

In these tough financial times we are faced with the need to take down the TVTonic service while we restructure for the future.

Although the service is being retired, you're free to continue to use TVTonic to download and watch your favorite RSS video channels.

If you'd like to uninstall, directions to do so can be found here.

Please check back for news at a later date. Thanks for all your support.

Sincerely,

Michael Sprague
President, Wavexpress
by n3td3v November 24, 2008 9:28 AM PST
If it wasn't for the internet underground Symantec would go out of business. So Symantec are fighting to go out of business, or are they betting that they will never beat cyber crime so will always be in business. Symantec only care about themselves, in reality they don't give a hoot about cyber crime.
by November 24, 2008 10:12 AM PST
"The report also studied trends in software piracy, with researchers monitoring those sales between July and September of this year. The most pirated software was found to be desktop games, followed by utility applications and then multimedia software, such as photo editors, 3D animation, and HTML editors"

HTML Editors??? You must be joking. I just use a simple Notepad built into the OS (that I purchased) to do my HTML editing and webpage designing.

Real Pros use all the built in tools from Windows XP and MS Office Professional to produce a professional website.

HTML Editors...HAH! Bunch of amateurs who know NOTHING about writing HTML/JAVA/VB.
by do_whatudo November 24, 2008 6:18 PM PST
real pros use vim.

Nobody uses MS Office Pro for building web apps/sites.
by EJHilbert November 24, 2008 1:56 PM PST
This is old news. Ever since the hack of companies like DPI in 2001/2002 hackers saw the effect of the market being flooded with stolen data. The price for stolen credit card data with full info dropped from $5 each to about $.35 each.

Hackers understand supply and demand. I can list 20 companies that have had backdoors that hackers use to take only what they need when they need it. They do not steal it all and hope to sell it.

When you hear about major breaches, it is usually because the well has dried up and the hacker is trying to cover his/her tracks by telling everyone about the way to take the data. They rely on the script kiddies and newbies to steal it all and then try to use the information. Law enforcement will of course chase the easy ones and the real/original hacker will get away.

You will also see a flood when rival hackers/hacking crews want to cause havoc. They will go public with someone else's money bag.

In 2000, Vasilli Gorschov and Alexey Ivanov were the first cyber crime business. Gorschov was the manager, Alexey was the hacker and they used a variety of online associates to convert the stolen data into cash or product. All of this was done from an apartment attached to a prison in Chelyabinsk, Russia.

How do I know this? I am intimately aware of these facts because I was an undercover FBI agent who bought the stolen information from hackers around the world. The stolen data could be linked back to online companies and then we would find the back doors that only the hackers would use.

ejhilbert@gmail.com
by ferretboy88 November 24, 2008 4:50 PM PST
Find these people and cut their heads off. These people are dirt balls.
by metonymy November 25, 2008 10:40 PM PST
Mr. Sprague, CEO, Wave Systems Corp. -- is brother michael out of a job? is there no more WAVX shareholder money to pay his salary for what has been a money-losing [tvtonic-wavexpress] venture for many years?

November 24th, 2008 @ 15:28

To Our Users
by TVTmichael in System Status
http://www.tvtonic.com/news/?p=157

In these tough financial times we are faced with the need to take down the TVTonic service while we restructure for the future.

Although the service is being retired, you're free to continue to use TVTonic to download and watch your favorite RSS video channels.

If you'd like to uninstall, directions to do so can be found here.

Please check back for news at a later date. Thanks for all your support.

Sincerely,

Michael Sprague
President, Wavexpress