Symantec just released a new way to make us lose sleep at night, called the Symantec Report on the Underground Economy. In case you weren't depressed enough by the regular economy, Symantec will be happy to bum you out about the increasingly organized world of hackers, spammers, and phishers.
Wonder how much your credit card is worth to a cyber-criminal? Anywhere from a dime to $25, depending on your credit limit, and whether the thief has those magic verification numbers on the back as well as the card number. The report didn't say so outright, but I'm guessing writing your mother's maiden name on the back of the card is a bad idea as well.
By monitoring criminals offering stolen cards, bank account information, and other stolen financial data, Symantec researchers believe hundreds of millions of dollars of potential theft tools are available at any time. To avoid detection, cyber-criminals now use Internet Relay Chat (IRC) channels to communicate, since static Web forums can be more easily tracked. Isn't it strange that IRC, an early mixture of Instant Messaging, bulletin boards, and Craig's List has become the focal point for criminals around the world.
Even though Symantec focused on IRC networks in English, criminals all over the world get together to buy botnet access, grab some stolen credit cards to use to buy a few thousands domains for phishing servers, and exchange stolen bank account numbers. Hundreds of millions of dollars of exposed risk, such as balances in bank accounts and credit card limits, are available every day in the US. Add in the rest of the â€œcivilizedâ€ world, and the totals get close to federal bail out money levels.
The one tiny bit of consolation? Online fraud is growing, but is not yet the majority of fraud losses. Old fashioned, low tech golden oldies like dumpster diving, social engineering, and insiders stealing info still lead the market. I'm not sure if I feel better about that or not. Usually, after talking to a security expert, my stomach hurts. So it does today.