By Fakir Balaji, IANS,
Bangalore : The burgeoning growth of e-commerce has spawned an online underground economy where cyber-criminals thrive by siphoning off goods and services worth millions of dollars with credit card information, a report by global security solutions provider Symantec reveals.
The worldwide report, based on a year-long study conducted by Symantec’s security technology and response division in 2007-08, warns netizens of shopping online using credit cards without verifying the authenticity of sellers and their advertisers.
“Cyber criminals have turned the underground economy into a global market with the supply and demand pressures and responses similar to any other economy,” Symantec India’s vice-president of product operations, Shantanu Ghosh, told IANS from Pune.
The report estimates the value of goods and services marketed worldwide using underground economy servers and channels to be $276 million during the 12-month period.
The value was determined by using the advertised prices of goods and services and measured how much advertisers will make if they liquidated their inventory.
Cyber-crime is committed using a computer, network or hardware device as an agent or facilitator of the crime or even a target of the crime.
“People associate identity theft with money because most reported cases involve criminals using the identity for activities such as obtaining credit cards, applying for loans, obtaining expensive medical or pharmaceutical treatments or even stealing house titles,” Ghosh said.
Prowling over unsecured networks and web sites, cyber-criminals dupe gullible e-consumers to place orders for goods or services only to access their credit card information and other personal data through phishing.
Phishing is an e-mail fraud in which a perpetrator sends out a legitimate-looking e-mail in an attempt to gather personal and financial information from recipients. Typically, such messages come from well-known and trustworthy web sites.
Phishers use a number of social engineering and e-mail spoofing ploys to trick their potential victims.
“Sellers post samples of goods in the channels on underground economy servers to prove they have the goods, to show potential buyers the quality of goods and to allow users to validate the information. Such fancy online advertising and promotion makes the uninitiated e-shopper go for the bait without realising that the channel is a booby trap,” Ghosh said.
To collect data, Symantec monitored 44,752 samples of sensitive information posted during the reporting period on underground economy servers, accounting for 10 percent of the total distinct messages.
The report details an online underground economy that has matured into an efficient global marketplace in which stolen goods and fraud-related services are regularly bought and sold and where the estimated value of goods offered by individual traders is valued in millions of dollars.
“As evident from the report, cyber-criminals are thriving on information gathered slyly from consumers and businesses by devising tools and techniques to defraud legitimate users the world over. Protection and mitigation against such fraudulent attacks should be given top priority, individually as well as collectively,” Ghosh said.
The study found credit card information to be the most advertised category of goods and services in the underground economy, accounting for 31 percent of the total.
“Stolen credit card numbers sell for as little as $0.10 (ten cents) to $25 per card, while the average advertised stolen credit card limit is about $4,000. The potential value of all credit cards advertised during the reporting period was $5.3 billion,” the study mentioned.
Since credit cards are mostly used for online shopping, personal information, including numbers, become vulnerable to access by cyber-criminals lurking behind channels and servers of the underground economy.
The second category of goods and services advertised is financial accounts at 20 percent of the total. Stolen bank account information is sold for anywhere between $10 and $1,000, while the average advertised stolen bank account balance is about $40,000.
The popularity of financial account information is due to its potential for high payouts and the speed at which payouts can be made. In one case, financial accounts were cashed out online to untraceable locations in less than 15 minutes, the study found.
“The underground economy is geographically spread, generating revenue for cyber-criminals who are either smart individuals or organised and sophisticated groups,” Ghosh said.
The report found that North America hosted the largest number of underground economy servers, accounting for 45 percent of the total, followed by Europe/Middle East/Africa (EMEA) 38 percent, Asia-Pacific-Japan (A-PJ) 12 percent and Latin America five percent.
“The geographical locations of underground economy servers are constantly changed to evade detection. No wonder, cyber-criminals are flourishing on information gathered fraudulently from e-consumers and businesses,” Ghosh said.