The rising cost of crime
Criminals trading in stolen credit cards is now old hat. According to McAfee, better money can be made on the electronic black market selling stolen online banking details.
Security researchers at McAfee have published a paper, Cybercrime Exposed, which quantifies the black market prices for a whole range of cyber tools and data. It makes chilling reading. For instance, spammers can purchase one million verified French email addresses for just $500, or 10 million US email addresses for under $900. The spam community also offers specialised lists such as the email addresses of the 0.7 million US doctors for just $115.
Whilst spammers may be annoying beyond belief for many internet users, many spammers will argue that what they are doing is legitimate marketing which is legal in the countries they supposedly operate from. Other black market services are less ambiguous. For instance, the McAfee report contains screen shots of sites selling exploits for specific browser vulnerabilities where you can buy the code to take advantage of a bug in Opera to fake the address in the address bar for $200, whilst code to allow you to remotely excute commands on the PC of Opera users is only $600. Another site offers a "cheap professional denial of service attacks". Denial of service is when an army of compromised PCs is used to swamp a website with traffic, rendering it unusable. The cost of commissioning such an attack against your victim starts at $2 per hour of attack.
There is, of course, a market in stolen credit card details, and these start from $15 for the details of a US Visa card, but for that you don't get the PIN number. At the other end of the scale, criminals advertise Visa Gold Card details, for EU account holders, and with a good credit limit, for $250 per card. That sales price indicates the criminal purchaser of the average card must be able to steal substantially more than $250 worth of goods before the theft is detected and the card voided.
However, those prices are low compared to online banking details which are typically valued as a percentage of the account balance. The cheapest are US logins which are valued at 2% of the balance, EU accounts are valued at 5% of the balance, and Paypal accounts at up to 20% of its cash balance.
McAfee's report points to the way cybercrime has been industrialised, commoditised and sold as an online service much like you would sell socks. Hollywood portrays hackers as near genius computer geeks typing in a succession of obscure unix programming commands at lightning speeds. The reality revealed by this report is very different. Some of these sites have to supply instructions to their customers on how to find your junk mail folder on Outlook. Clearly those customers are not the expert hackers.
The full McAfee report (PDF) can be found here:
goo.gl/iMOhJ
23rd July 2013
This article comes from the SKILLZONE email newsletter, published monthly since January 2008, and covering topics related to technology and the internet. All articles and artwork in the SKILLZONE newsletter are orignal content.