It's a murky world of chat rooms, malware factories, and sophisticated phishing schemes. Here's a look inside.
When retailer TJX disclosed Jan. 17 that the computer systems that store data related to credit card, debit card, check, and merchandise return transactions had been broken into, it said it had discovered the hack in December. But security officials at Visa had been seeing an increase in fraudulent activity on credit and debit cards related to TJX properties, such as T.J. Maxx, Marshalls, and HomeGoods stores, since mid-November. That means it's possible the purloined consumer data has been floating around the Internet, available for purchase on black market Web sites and chat rooms, for at least two months, maybe longer.
Hacking isn't a kid's game anymore. It's big business. Online black markets are flush with stolen credit card data, driver's license numbers, and malware, the programs that let hackers exploit the security weaknesses of commercial software. Cybercriminals have become an organized bunch; they use peer-to-peer payment systems just like they're buying and selling on eBay, and they're not afraid to work together.
While the independent hacker still exists (pardon us, but in this story, we'll refer to "hacker" in the layman's sense), the FBI sees true organized crime in parts of the hacking community, particularly in Eastern Europe, says special agent Chris Stangl, who works in the bureau's cybercrime division, the agency's third largest behind counter-terrorism and intelligence. "You'll have hackers cracking the machines, individuals collecting the data, and individuals selling for profit," Stangl says.
Getting a clear picture of the hacker economy isn't easy. It's a murky underground about which few people are willing to talk on the record. But the general outlines can be gleaned from inside and outside sources.
It's not a crime to point out vulnerabilities on the Net, making malware hard to prosecute, says eEye's Maiffret.
Some hackers take the direct approach. Ransom scams--in which a criminal infects a company's systems with malware that encrypts data and then demands money to provide the decryption key--are common in Russia. Uriel Maimon, a researcher with the consumer division of RSA, a security vendor now owned by EMC, says he's seen a half-dozen of these scams over the past five months.
But in the scheme of things, those kinds of scams aren't all that common because they're risky--they require "a direct financial connection between the victim and the author or proprietor of the malware," says David Dagon, a researcher with the Georgia Tech Information Security Center. More omnipresent is the thriving black market in data. Online sites abound where credit and debit card numbers, cardholder names, and the card verification value, a three- or four-digit code that's used to verify a card's authenticity, can be bought and sold. Jeff Moss, who goes by the handle "The Dark Tangent" and is the founder of Black Hat, a security research and training firm (owned by InformationWeek parent CMP), says he knows of one European cyberattacker who makes nearly a half-million dollars annually buying and selling databases and customer lists.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.