Symantec just released a new way to make us lose sleep at night, called the Symantec Report on the Underground Economy. In case you weren't depressed enough by the regular economy, Symantec will be happy to bum you out about the increasingly organized world of hackers, spammers, and phishers.
Wonder how much your credit card is worth to a cyber-criminal? Anywhere from a dime to $25, depending on your credit limit, and whether the thief has those magic verification numbers on the back as well as the card number. The report didn't say so outright, but I'm guessing writing your mother's maiden name on the back of the card is a bad idea as well.
By monitoring criminals offering stolen cards, bank account information, and other stolen financial data, Symantec researchers believe hundreds of millions of dollars of potential theft tools are available at any time. To avoid detection, cyber-criminals now use Internet Relay Chat (IRC) channels to communicate, since static Web forums can be more easily tracked. Isn't it strange that IRC, an early mixture of Instant Messaging, bulletin boards, and Craig's List has become the focal point for criminals around the world.
Even though Symantec focused on IRC networks in English, criminals all over the world get together to buy botnet access, grab some stolen credit cards to use to buy a few thousands domains for phishing servers, and exchange stolen bank account numbers. Hundreds of millions of dollars of exposed risk, such as balances in bank accounts and credit card limits, are available every day in the US. Add in the rest of the “civilized†world, and the totals get close to federal bail out money levels.
The one tiny bit of consolation? Online fraud is growing, but is not yet the majority of fraud losses. Old fashioned, low tech golden oldies like dumpster diving, social engineering, and insiders stealing info still lead the market. I'm not sure if I feel better about that or not. Usually, after talking to a security expert, my stomach hurts. So it does today.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
