Symantec Report on the Underground Economy
On November 24th, I posted about Symantec's release of a detailed report called the "Internet Security Threat Report." That report is now available to anyone who wishes to download the whitepaper.
This from their website. For your convenience, I have included links to more detailed information. Click any of the graphics to enlarge.
The Symantec Report on the Underground Economy examines activity on underground economy servers observed by Symantec between July 1st, 2007 and June 30th, 2008. It includes analysis and discussion of the goods and services advertised, advertisers participating in the economy, the servers and channels that host the trading, and a snapshot of piracy activity observed.
On November 24th, I posted about Symantec's release of a detailed report called the "Internet Security Threat Report." That report is now available to anyone who wishes to download the whitepaper.
This from their website. For your convenience, I have included links to more detailed information. Click any of the graphics to enlarge.
The Symantec Report on the Underground Economy examines activity on underground economy servers observed by Symantec between July 1st, 2007 and June 30th, 2008. It includes analysis and discussion of the goods and services advertised, advertisers participating in the economy, the servers and channels that host the trading, and a snapshot of piracy activity observed.
As I previously stated, this report, is now available to the general public for free download.
Symantec Report on the Underground Economy
Executive Summary: Symantec Report on the Underground Economy:
Symantec Weblog: Postings on the Underground Economy Learn more
Report Highlights
"The underground economy has matured into a global market with the same supply and demand pressures and responses of any other economy. There are a great many servers and channels available to advertisers to market their wares, which they do, and often. Most people associate identity theft with money because most reported cases involve criminals using the identity for activities such as obtaining credit cards, applying for loans, obtaining expensive medical or pharmaceutical treatments, or even stealing house titles. Symantec estimates the value of total advertised goods on underground economy servers was over $276 million between July 1, 2007 and June 30, 2008.
During the reporting period, Symantec monitored 44,752 unique samples of sensitive information publicly posted on underground economy servers, which accounted for 10 percent of the total distinct messages. Sellers often publicly post samples of their goods in the channels on underground economy servers. These samples serve several purposes: to prove that sellers actually have the goods in their possession; to show potential buyers the quality of goods they can expect; to enhance their credibility, and; to allow users to validate the information. The table (above left) identities the top samples of information posted:
Credit card information may rank high because there are many ways it can be obtained and used for fraud. This includes phishing schemes, monitoring merchant card authorizations, the use of magnetic stripe skimming devices, or breaking into databases and other data breaches that expose sensitive information.
During the reporting period, Symantec monitored 44,752 unique samples of sensitive information publicly posted on underground economy servers, which accounted for 10 percent of the total distinct messages. Sellers often publicly post samples of their goods in the channels on underground economy servers. These samples serve several purposes: to prove that sellers actually have the goods in their possession; to show potential buyers the quality of goods they can expect; to enhance their credibility, and; to allow users to validate the information. The table (above left) identities the top samples of information posted:
Credit card information may rank high because there are many ways it can be obtained and used for fraud. This includes phishing schemes, monitoring merchant card authorizations, the use of magnetic stripe skimming devices, or breaking into databases and other data breaches that expose sensitive information.
Another explanation may simply be that there is a high frequency use of credit cards.
For example, the 22 billion credit card transactions in the United States in 2006 represent a growth of eight percent over the previous year. High frequency use and the range of available methods for capturing credit card data would generate more opportunities for theft and compromise and, thus, lead to an increased supply on underground economy servers.
Credit card information may be in such demand because using fraudulent credit card data for activities such as making online purchases is relatively easy. Online shopping can be easy and fast, and a final sale often requires just credit card information. Someone knowledgeable enough could potentially make many transactions with a stolen card before the suspicious activity is detected and the card is suspended.
The second most common category of goods and services advertised was financial accounts, with 20 percent of the total. This category includes bank account credentials, magnetic stripe skimming devices, online payment services, online currency accounts, and online stock trading accounts. This category ranked third for advertised requests, with 18 percent of the total. By far the major contributor to the popularity of the financial accounts category was bank account credentials, which accounted for 18 percent of all goods and services advertised for sale.
Financial accounts are attractive targets because of the opportunity to withdraw currency directly. Although this may involve more steps than using stolen credit card data to make online purchases, the process of cashing out financial accounts can be easier than retrieving cash from credit cards because criminals would require a PIN for the card. Also, most ATMs have security cameras, which may deter criminals from using this medium. In addition, withdrawing currency from a bank account has the advantage of a more immediate financial reward than with online purchases, which would need to be sold to realize a purely financial reward.
Credit card information includes credit card numbers, credit cards with CVV2, and credit card dumps; financial accounts includes bank account numbers, magnetic stripe skimming devices, online payment services, online currency accounts, and online stock accounts; spam and phishing information includes email addresses, email passwords, scams, and mailers; withdrawal services include cash outs and drops that are used to withdraw money and items from purchases; identity theft includes full identities and Social Security numbers; server accounts are for file transfers and virtual networks; compromised computers includes hacked computers, bot-infected computers, and shells; website accounts include online accounts for access to specific websites such as social networking sites; malicious tools includes Web-based attack tools and malicious code; and retail accounts includes gift cards for online stores and online auction accounts.
Magnetic stripe skimming devices are small machines designed to scan and retain data contained in the magnetic stripes on credit and debit cards. To cash out bank accounts, individuals can either use a reliable cashier or can assume the identity of the bank account owner to withdraw funds. Since many bank accounts can only be cashed out from within the issuing country, criminals may prefer the use of cashiers that specialize in extracting currency from these accounts. Such cashiers use a variety of methods to convert the information into true currency, transferring money either through wire transfers or to online currency exchange accounts. They can also hire an intermediary to receive the transfer in person using a fake identity. Symantec observed requests on underground economy servers for cashiers in specific locations and of a particular gender (as matching the cashier’s gender to the identity of the bank account holder is essential to not raise suspicion when withdrawing funds).
The second most common category of goods and services advertised was financial accounts, with 20 percent of the total. This category includes bank account credentials, magnetic stripe skimming devices, online payment services, online currency accounts, and online stock trading accounts. This category ranked third for advertised requests, with 18 percent of the total. By far the major contributor to the popularity of the financial accounts category was bank account credentials, which accounted for 18 percent of all goods and services advertised for sale.
Financial accounts are attractive targets because of the opportunity to withdraw currency directly. Although this may involve more steps than using stolen credit card data to make online purchases, the process of cashing out financial accounts can be easier than retrieving cash from credit cards because criminals would require a PIN for the card. Also, most ATMs have security cameras, which may deter criminals from using this medium. In addition, withdrawing currency from a bank account has the advantage of a more immediate financial reward than with online purchases, which would need to be sold to realize a purely financial reward.
Credit card information includes credit card numbers, credit cards with CVV2, and credit card dumps; financial accounts includes bank account numbers, magnetic stripe skimming devices, online payment services, online currency accounts, and online stock accounts; spam and phishing information includes email addresses, email passwords, scams, and mailers; withdrawal services include cash outs and drops that are used to withdraw money and items from purchases; identity theft includes full identities and Social Security numbers; server accounts are for file transfers and virtual networks; compromised computers includes hacked computers, bot-infected computers, and shells; website accounts include online accounts for access to specific websites such as social networking sites; malicious tools includes Web-based attack tools and malicious code; and retail accounts includes gift cards for online stores and online auction accounts.
Magnetic stripe skimming devices are small machines designed to scan and retain data contained in the magnetic stripes on credit and debit cards. To cash out bank accounts, individuals can either use a reliable cashier or can assume the identity of the bank account owner to withdraw funds. Since many bank accounts can only be cashed out from within the issuing country, criminals may prefer the use of cashiers that specialize in extracting currency from these accounts. Such cashiers use a variety of methods to convert the information into true currency, transferring money either through wire transfers or to online currency exchange accounts. They can also hire an intermediary to receive the transfer in person using a fake identity. Symantec observed requests on underground economy servers for cashiers in specific locations and of a particular gender (as matching the cashier’s gender to the identity of the bank account holder is essential to not raise suspicion when withdrawing funds).