Botnets, Hacked Credit Cards Selling At Bargain Prices
Cybercrime black market emphasizes entrepreneurialism and customer service, with money buying just about anything, finds Panda Security report.
(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010
Have $2 to spare? Then you can buy a stolen credit card record, provided you pay up front and in cash. Or launch your own spam campaign by renting a botnet, with prices starting at $15, and rising slightly if you'd like VPN access to the botnet control panel for greater anonymity.
So says "The Cyber Crime Black Market: Uncovered," a report released on Thursday by security software vendor Panda Security. Overall, the security firm found a thriving black market offering stolen information and attack tools.
"Credit card details can be purchased for as little as $2 per card, but this level does not provide additional information or verification of the account balance available," said report author Luis Corrons, the technical director of Panda Security. "If the buyer wants a guarantee for the available credit line or bank balance, the price increases to $80 for smaller bank balances and upwards of $700 to access accounts with a guaranteed balance of $82,000." Spend even more -- up to $1,500 per record -- and you can buy stolen records that have a history of being used for e-commerce orders or paying via Web sites such as PayPal.
But stolen records aren't all that's for sale. For example, various vendors provide services to launder money via bank transfers or check cashing, minus a 10% to 40% commission.
Meanwhile, DIY types can buy cloned credit cards (starting at $180), machines for cloning credit cards (from $200 to $1,000), as well as ATM skimmers, which begin at $2,000 -- including free delivery -- but rise to $35,000 for the best models.
While the prospect of a thriving cybercrime black market may conjure images of a Wild West ecosystem, the Panda report instead describes an environment where buyers add services to an online shopping cart, then check out and pay via Western Union, Liberty Reserve, or WebMoney.
Services also cater to buyers. "Since there is a great deal of competition in this industry, the rule of supply and demand ensures that prices are competitive, and operators even offer bulk discounts to higher-volume buyers. They will offer free 'trial' access to stolen bank or credit card details, as well as money-back guarantees and free exchanges," said Corrons.
But despite some sellers advertising "office hours" via Twitter and Facebook, catering to potential cybercrime customers only goes so far. "To ensure anonymity, contact is always made across instant messaging applications or free, generic email accounts," Corrons said.
Security Job #1 For FedsThe 2014 InformationWeek Government IT Priorities Survey shows federal IT pros care about security - itís rated as very important by 69% of respondents, 30 percentage points ahead of the No. 2 priority, disaster recovery. Will the upcoming NIST cyber-security framework help manage risk?