November 24, 2008, 3:19 PM — Symantec is warning of a hugely profitable, online underground economy for stolen goods and fraud, where credit card and bank account details are sold and exchanged, following a year-long study.
The research from the online security specialist claims the total advertised goods on underground economy servers during the 12-month period was worth more than US$276 million.
The report is derived from data gathered by Symantec's Security Technology and Response (STAR) organisation from underground economy servers between 1 July 2007 and 30 June 2008.
Stolen credit cards topped the list of items for sale, and made up 31 percent of all the goods on offer, while bank details were second most popular with 20 percent.
While stolen credit card numbers sell for as little as between $0.10 and $25 per card, the average advertised stolen credit card limit observed by Symantec was more than $4,000. Symantec has calculated that the potential worth of all credit cards advertised during the reporting period was $5.3 billion.
The research also found that credit card information is often sold to fraudsters in bulk, with discounts or free numbers provided with larger purchases.
Stolen bank account information
Symantec found stolen bank account information sells for between $10 and $1,000, while the average advertised stolen bank account balance is nearly $40,000. Calculating the average advertised balance of a bank account together with the average price for stolen bank account numbers, the worth of the bank accounts advertised during this reporting period was $1.7 billion.
During the 12-month period Symantec found 69,130 distinct active advertisers and 44,321,095 total messages posted to underground forums. Many are invitation-only forums, while IRC chat channels are also a popular way for cyber criminals to sell and share information.
Symantec found the potential value of the total advertised goods for the top 10 most active advertisers was $16.3 million for credit cards and $2 million for bank accounts. The potential worth of the goods advertised by the single most active advertiser identified by Symantec during the study period was $6.4 million.
North America hosted the largest number of underground servers, with 45 percent of the total; Europe/Middle East/Africa hosted 38 percent; followed by Asia/Pacific with 12 percent, and Latin America with 5 percent. The geographical locations of underground economy servers are constantly changing to evade detection, Symantec claims.
