Internet security giant Symantec has just published the latest Internet Security Threat Report, based on an in-depth analysis of global Internet traffic and email during the last six months. Beyond all the usual who is hosting what and where, how much malware is contained in spam and which threats are continuing to cause problems data, there is one truly shocking statistic buried within the 134 page document: stolen information is dirt cheap on the black web economy.
The report suggests that cyber crime has become a professional, even a corporate, business. Organized crime units across the world are rolling out targeted, sophisticated and above all else hugely profitable online attacks. But they are also showing real business-savvy by creating the tools and the opportunity for wanabees to get involved who possess little in the way of criminal hacking, coding or scamming skill. They are establishing what can only be described as a criminal and fraudsters pyramid scheme.
If you want to enter the world of the cyber crime lord then you can start at the bottom by investing in an out-of-the-box toolkit, just $50 for a ready made phishing kit that is easy to install and professionally coded to enable the newbie to get out there and get defrauding the online public. These packages even come with built-in support for everything from fake website creation to email targeting. A Symantec investigation into the three most widely used phishing toolkits reveals that they alone were responsible for 42 per cent of all phishing attacks detected in the first half of 2007.
Or how about an online identity auction, black web economy servers where consumers' identities can be bought and sold? These auctions sell all kinds of personal data from social security numbers to credit cards. During the first six months of 2007, the United States accounted for hosting 64 percent of the total of such auctions known to Symantec, followed by Germany and Sweden. Credit cards are the most frequently traded item, not surprising when sold in batches of 10 for as little as fifty cents a card!
When it comes to stolen data, identities and assorted criminal goods it might surprise you juts how cheaply they can be purchased at these auction servers. Here are the top ten most traded items according to the report, which I have sorted by price rather than volume to help make the point:
- Credit Cards $0.50
- Proxies $0.50
- Email Passwords $1
- Compromised Unix Shells $2
- Email Addresses $2 per Mb
- Social Security Numbers $5
- Mailers $8
- Full Identity $10
- Scams $10 per week
- Bank Accounts $30
Commenting on the Internet Security Threat Report, Lee Sharrocks, Consumer Sales Director, Symantec UK told DaniWeb "the Internet underworld is growing at an alarming rate, with the latest trends showing that the growth of black market auction sites is continuing to increase. It's a multi-billion dollar criminal industry and identities are becoming cheaper and easier to buy online. With the introduction of software toolkits to provide access to the technology needed to become involved in these identity scams, we can only expect this trend to continue to grow, so the need for consumer vigilance is higher than ever."