Cybercrime: A secret underground economy

Cybercriminals are making a killing off of stolen identities, creating their own market for buying and selling credit card and bank account information on the cheap.

EMAIL  |   PRINT  |   SHARE  |   RSS
 
google my aol my msn my yahoo! netvibes
Paste this link into your favorite RSS desktop reader
See all CNNMoney.com RSS FEEDS (close)
By David Goldman, CNNMoney.com staff writer

screen.jpg
Cybercriminals sell your information on Internet Relay Chats such as this one. One line reads 'Selling US/Ca & worldwide Cc's for the best prices."
symantec.03.jpg
Cybercriminals can see what you enter on your screen and steal your credit card information or bank account information.

NEW YORK (CNNMoney.com) -- If the word 'cybercrime' conjures up images of computer geeks trying to crash computers from their mothers' basements, think again.

Cybercrime has become a rapidly growing underground business built by savvy criminals, who buy and sell valuable stolen financial information from millions of unsuspecting Internet users every year in an on online black market.

"Most cybercriminals are very, very interested in financial gain by compromising customer accounts," said FBI special agent Austin Berglas, who supervises the Bureau's New York Internet crimes squad. "Believe it or not, there are people who fall victim to their scams, and we see it every day."

Because cybercriminals are so skilled at hacking into thousands of computers every day, the crime is potentially a billion-dollar business. If every stolen credit card and bank account had been wiped clean last year, that would have netted cybercriminals some $8 billion, according to data from Symantec, maker of the Norton antivirus software.

As a result of the lucrative payout, more and more online criminals are entering the game. In fact, the number of new Internet security threats rose nearly three-fold last year to 1.7 million.

Those cyber attacks mostly come from malware, or malicious software, that hands control of your computer, and anything on it or entered into it, over to the bad guys without you even knowing it. The most common forms of malware include keystroke logging, spyware, viruses, worms and Trojan horses.

How the deed is done. Once your information has been stolen, cybercriminals go onto an invitation-only Internet Relay Chat (like a chat group) to do commerce with other online criminals. Cybercriminals will often set up a hacker channel for a matter of days, do business, and then take it down to avoid detection. When active, hacker IRCs can get upwards of 90,000 cybercriminals talking to one another at a given time, according to Dave Cole, senior director of product management at Symantec.

Online criminals use the IRCs to sell or trade your credit card or bank account information. Credit cards are some of the cheapest commodities sold on the Internet Black Market, averaging about 98 cents each when sold in bulk. A full identity goes for just $10.

Credit cards and bank account information made up 51% of the goods advertised on the underground economy last year, up from 38% in 2007. Credit cards are most popular because they're the cheapest stolen commodity. Cards with expiration dates, CVV2 numbers and names go for more than ones with numbers only, but there is no honor in the underground online crime world -- oftentimes hackers will sell the same credit card information to multiple users, and many have already been canceled.

As a result, buyers and sellers on IRC channels will often give the information to a trusted third party for a fee. The third party will test the card information, often by charging a very nominal amount or by posing as a charity, and then verify the goods to the buyer.

After the information is purchased by a secondary criminal, that person can use a machine to print out a fake credit card with your information. But many use yet another tertiary person to wire stolen money into an overseas bank account.

That third person in the chain is usually called a "mule," who often doesn't even know he or she is part of an underground organized crime scheme. Many mules respond to the "make money from home" schemes, where stolen money is sent to their accounts, and they subsequently wire that money to an overseas account for a 10% to 15% fee.

Other mules are given phony ATM cards and are asked to retrieve cash for a small fee. But there is substantial risk involved -- law enforcement usually comes knocking on mules' doors first.

To catch a thief. The FBI is working undercover in many of these IRC channels in an effort to thwart the cybercriminals. And in many cases, captured criminals agree to work for the government in exchange for reduced sentences.

"After we make an arrest for someone cashing out at ATM machines, I'll tell them they can go to jail for 10 years or they can come work for Team America," said Berglas.

The strategy doesn't always work. Albert Gonzalez, the infamous TJ Maxx (TJX, Fortune 500) thief who stole 45 million credit card numbers and private information of 450,000 customers in 2007, was an FBI informant. He helped bring down a massive credit card theft scheme, but double-crossed the FBI, using insider information to help fellow criminals evade detection and carry out the TJ Maxx theft.

Security software also helps, but it far from solves the problem. To avoid detection, many cybercriminals will send out just a handful of viruses before modifying the code and sending it out again.

"The truth is that 'fingerprint' security technology is no longer effective," said Rowan Trollope, senior vice president of product development at Symantec. "The bad guys that got involved are organized professionals, and they figured out how to get around our technology."

Though Trollope said the new version of Norton's antivirus software helps address the problem by scanning for files' reputations, he said that Internet consumers also need know how how to keep their identities safe online.

"We do products really well, but the next step is education," said Trollope. "We can't keep the Internet safe with antivirus software alone." To top of page

Features
They're hiring!These Fortune 100 employers have at least 350 openings each. What are they looking for in a new hire? More
If the Fortune 500 were a country...It would be the world's second-biggest economy. See how big companies' sales stack up against GDP over the past decade. More
Sponsored By:
More Galleries
Most 'one percent' moments of 2014 This year was all about more money, more problems. Here's a look at the trials, tribulations and triumphs of the 1% over the last year. More
6 products to keep the skies friendly Plane travel can be stressful, especially during the holidays. These things can help keep the peace among travelers. More
2014: Helluva good year for stocks The bull market has been going for 2,115 days. If you put you're money in stocks, it's been a very happy year. More
Worry about the hackers you don't know 
Crime syndicates and government organizations pose a much greater cyber threat than renegade hacker groups like Anonymous. Play
GE CEO: Bringing jobs back to the U.S. 
Jeff Immelt says the U.S. is a cost competitive market for advanced manufacturing and that GE is bringing jobs back from Mexico. Play
Hamster wheel and wedgie-powered transit 
Red Bull Creation challenges hackers and engineers to invent new modes of transportation. Play

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer.

Morningstar: © 2014 Morningstar, Inc. All Rights Reserved.

Factset: FactSet Research Systems Inc. 2014. All rights reserved.

Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved.

Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor’s Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2014 and/or its affiliates.