Quick – conjure the image that comes to mind when you hear the term cybercriminal.
Perhaps an unkempt, lone operator working out of a boiler room late at night?
How about – more commonly these days – a sophisticated fraud businessman running a high-stakes organization with international teams of experts, raking in millions through his illegal tactics.
When Albert Gonzalez was arrested for hacking into the networks of TJ Maxx, Barnes and Nobles, and OfficeMax, amongst others, and stealing 45 million credit and debit card numbers, he had $1.65 million in cash, a crew of international co-conspirators, and secret bank accounts across the world stuffed with millions more. Gonzalez, who formerly worked for the Secret Service busting other cyber criminals, was later indicted for an even bigger, separate attack that compromised 140 stolen credit card numbers.
These days, the fraud economy has matured to a point where it is run like a global marketplace, with specialists for every aspect of fraud – from identity thieves to the consumers of stolen identities. Data theft is only one part of what fuels this economy – the second and equally important aspect is the conversion of these thefts into cash, which is where the fraud economy connects illegal data traffickers with underground data buyers.
First Data’s report on this topic offers a cheat sheet of the cheating way of life:
1. According to a study from Symantec Corp. which followed a year in the life of the underground economy, the value of the advertised goods on underground economy Web servers in a given year was more than $276 million
2. The Symantec study found that the most popular item for sale, as well as the most requested for purchase, is credit card data, which are inexpensive to buy and have the potential for high profit
3. The price for stolen credit card data ranges from 10 cents to $25 per card, with discounts offered for bulk purchases
4. The average stolen credit card has a credit limit of $4,000
5. The potential worth of all credit cards observed for sale during Symantec’s yearlong reporting period was estimated to be $5.3 billion
6. Stolen financial account information is the second most popular item for sale in the underground economy, selling for $10 to $1,000 per account (with an average account balance of nearly $40,000)
7. The potential value of all bank accounts advertised on underground economy servers during the reporting period was $1.7 billion
8. Fraud as a Service (FaaS) has evolved as an infrastructure that helps fraudsters operate efficiently, just as software as a service (SaaS) has evolved to help the online needs of businesses. FaaS includes online Fraud Forums, which serve as web-based marketplaces for illegal goods and services
As ever-developing fraud techniques challenge the wits of security experts, it’s important to understand as much as possible about the underground fraud economy that orchestrates advanced methods to rob businesses and consumers as well as how to address these concerns.