Neil O’Farrell, Intersections Consumer Security Adviser reviews a recent security report by Panda Labs that offers some sobering insights into the world of cybercrime and identity theft.
I just started reading one of the most fascinating reports that exposes the seedy underworld of cybercrime, who the players are, and how it's quickly organizing itself into a carbon copy of legitimate, above ground industries.
The report, from Spanish security firm Panda, is called Cyber Crime Black Market Exposed, and its 44 pages provide an insider's look at the global criminal conspiracy to clone our identities.
The report opens with some sobering statistics. Panda estimated that just five years ago, the firm was fighting around 92,000 different types of malware like viruses, worms, and Trojans. That number had soared to a staggering 14 million by 2008, and now stands at more than 60 million.
Today, Panda catalogs around 63,000 different malware threats every single day, and admits that these are just the ones they catch. Who knows how many others slip past them, undetected. And what's the most common type of malware in use today? According to Panda's report, Trojans now account for more than 70% of all new malware detected. "In general, the reason that more Trojans, keyloggers and bots are created than other types of malware is that they are more useful for identity theft."
I highly recommend that you read the free report for yourself. It contains fascinating snippets of the kind of intelligence law enforcement is gathering around the world, and the picture it's painting of this incredibly profitable black market.
For example, the FBI has actually created a list of "positions" that they use to identify the various players who are needed to keep these criminal enterprise operating smoothly:
- Programmers develop the exploits and malware used to commit cybercrimes.
- Distributors trade and sell stolen data and vouch for the goods provided by other specialists.
- Tech experts maintain the criminal enterprise's IT infrastructure, including servers, encryption technologies, and databases.
- Hackers search for and exploit applications, systems and network vulnerabilities.Fraudsters create and deploy various social engineering schemes, such as phishing and spam.
- Hosted systems providers offer safe hosting of illicit content servers and sites, often to launch the attacks, host bogus and phishing web sites, and hide stolen data.
- Cashiers control drop accounts and provide names and accounts to other criminals for a fee.
- Money mules complete wire transfers between bank accounts. The money mules often use student and work visas to travel to the U.S. to open bank accounts.
- Tellers are responsible for transferring and laundering illicitly gained proceeds through digital currency services and different world currencies.
- Organization Leaders are often "people persons" without technical skills, the leaders who assemble the team and choose the targets.
The report also highlights the shopping list of services and loot that can be purchased for very little. For example:
- Complete credit card account details, without the physical card, range in price from $2-$90, and physical credit cards cost from $190.
- Card cloners can be purchased for as little as $200.
- Fake ATMs can be purchased for up to $35,000.
- Bank credentials (accounts, logins, and passwords) are available from $80 to $700 and usually come with guaranteed funds in the account.
- Bank transfers and cashing checks range from 10% to 40% of the total, or as little as $10 for simple account without guaranteed balance.
- Services to purchase and forward products purchased using stolen cards or accounts ranges from $30 to $300 and priced according to the project.
- Thieves can also order complete online stores and payment platforms.
Download the entire report on cyber crime from Panda Labs.