Cybercrime: A secret underground economy

Cybercriminals sell your information on Internet Relay Chats such as this one. One line reads 'Selling US/Ca & worldwide Cc's for the best prices."

Cybercriminals can see what you enter on your screen and steal your credit card information or bank account information.

How to be safe online

• Think ID theft can't happen to you?

• Staying ahead of the hackers

• How to be a (safe) Wi-Fi warrior

Text

NEW YORK (CNNMoney.com) -- If the word 'cybercrime' conjures up images of computer geeks trying to crash computers from their mothers' basements, think again.

Cybercrime has become a rapidly growing underground business built by savvy criminals, who buy and sell valuable stolen financial information from millions of unsuspecting Internet users every year in an on online black market.

"Most cybercriminals are very, very interested in financial gain by compromising customer accounts," said FBI special agent Austin Berglas, who supervises the Bureau's New York Internet crimes squad. "Believe it or not, there are people who fall victim to their scams, and we see it every day."

Because cybercriminals are so skilled at hacking into thousands of computers every day, the crime is potentially a billion-dollar business. If every stolen credit card and bank account had been wiped clean last year, that would have netted cybercriminals some $8 billion, according to data from Symantec, maker of the Norton antivirus software.

As a result of the lucrative payout, more and more online criminals are entering the game. In fact, the number of new Internet security threats rose nearly three-fold last year to 1.7 million.

Those cyber attacks mostly come from malware, or malicious software, that hands control of your computer, and anything on it or entered into it, over to the bad guys without you even knowing it. The most common forms of malware include keystroke logging, spyware, viruses, worms and Trojan horses.

How the deed is done. Once your information has been stolen, cybercriminals go onto an invitation-only Internet Relay Chat (like a chat group) to do commerce with other online criminals. Cybercriminals will often set up a hacker channel for a matter of days, do business, and then take it down to avoid detection. When active, hacker IRCs can get upwards of 90,000 cybercriminals talking to one another at a given time, according to Dave Cole, senior director of product management at Symantec.

Online criminals use the IRCs to sell or trade your credit card or bank account information. Credit cards are some of the cheapest commodities sold on the Internet Black Market, averaging about 98 cents each when sold in bulk. A full identity goes for just $10.

Credit cards and bank account information made up 51% of the goods advertised on the underground economy last year, up from 38% in 2007. Credit cards are most popular because they're the cheapest stolen commodity. Cards with expiration dates, CVV2 numbers and names go for more than ones with numbers only, but there is no honor in the underground online crime world -- oftentimes hackers will sell the same credit card information to multiple users, and many have already been canceled.

As a result, buyers and sellers on IRC channels will often give the information to a trusted third party for a fee. The third party will test the card information, often by charging a very nominal amount or by posing as a charity, and then verify the goods to the buyer.

After the information is purchased by a secondary criminal, that person can use a machine to print out a fake credit card with your information. But many use yet another tertiary person to wire stolen money into an overseas bank account.

That third person in the chain is usually called a "mule," who often doesn't even know he or she is part of an underground organized crime scheme. Many mules respond to the "make money from home" schemes, where stolen money is sent to their accounts, and they subsequently wire that money to an overseas account for a 10% to 15% fee.

Other mules are given phony ATM cards and are asked to retrieve cash for a small fee. But there is substantial risk involved -- law enforcement usually comes knocking on mules' doors first.

To catch a thief. The FBI is working undercover in many of these IRC channels in an effort to thwart the cybercriminals. And in many cases, captured criminals agree to work for the government in exchange for reduced sentences.

"After we make an arrest for someone cashing out at ATM machines, I'll tell them they can go to jail for 10 years or they can come work for Team America," said Berglas.

The strategy doesn't always work. Albert Gonzalez, the infamous TJ Maxx (TJX, Fortune 500) thief who stole 45 million credit card numbers and private information of 450,000 customers in 2007, was an FBI informant. He helped bring down a massive credit card theft scheme, but double-crossed the FBI, using insider information to help fellow criminals evade detection and carry out the TJ Maxx theft.

Security software also helps, but it far from solves the problem. To avoid detection, many cybercriminals will send out just a handful of viruses before modifying the code and sending it out again.

"The truth is that 'fingerprint' security technology is no longer effective," said Rowan Trollope, senior vice president of product development at Symantec. "The bad guys that got involved are organized professionals, and they figured out how to get around our technology."

Though Trollope said the new version of Norton's antivirus software helps address the problem by scanning for files' reputations, he said that Internet consumers also need know how how to keep their identities safe online.

"We do products really well, but the next step is education," said Trollope. "We can't keep the Internet safe with antivirus software alone."