Government // Cybersecurity
News
1/21/2011
12:44 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Botnets, Hacked Credit Cards Selling At Bargain Prices

Cybercrime black market emphasizes entrepreneurialism and customer service, with money buying just about anything, finds Panda Security report.

Top 10 Security Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010

Have $2 to spare? Then you can buy a stolen credit card record, provided you pay up front and in cash. Or launch your own spam campaign by renting a botnet, with prices starting at $15, and rising slightly if you'd like VPN access to the botnet control panel for greater anonymity.

So says "The Cyber Crime Black Market: Uncovered," a report released on Thursday by security software vendor Panda Security. Overall, the security firm found a thriving black market offering stolen information and attack tools.

"Credit card details can be purchased for as little as $2 per card, but this level does not provide additional information or verification of the account balance available," said report author Luis Corrons, the technical director of Panda Security. "If the buyer wants a guarantee for the available credit line or bank balance, the price increases to $80 for smaller bank balances and upwards of $700 to access accounts with a guaranteed balance of $82,000." Spend even more -- up to $1,500 per record -- and you can buy stolen records that have a history of being used for e-commerce orders or paying via Web sites such as PayPal.

But stolen records aren't all that's for sale. For example, various vendors provide services to launder money via bank transfers or check cashing, minus a 10% to 40% commission.

Meanwhile, DIY types can buy cloned credit cards (starting at $180), machines for cloning credit cards (from $200 to $1,000), as well as ATM skimmers, which begin at $2,000 -- including free delivery -- but rise to $35,000 for the best models.

While the prospect of a thriving cybercrime black market may conjure images of a Wild West ecosystem, the Panda report instead describes an environment where buyers add services to an online shopping cart, then check out and pay via Western Union, Liberty Reserve, or WebMoney.

Services also cater to buyers. "Since there is a great deal of competition in this industry, the rule of supply and demand ensures that prices are competitive, and operators even offer bulk discounts to higher-volume buyers. They will offer free 'trial' access to stolen bank or credit card details, as well as money-back guarantees and free exchanges," said Corrons.

But despite some sellers advertising "office hours" via Twitter and Facebook, catering to potential cybercrime customers only goes so far. "To ensure anonymity, contact is always made across instant messaging applications or free, generic email accounts," Corrons said.

Comment  | 
Print  | 
More Insights
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.