However, the potential value of the credit card information and bank account credentials being sold, if criminally exploited to its maximum potential, could reach $7 billion.

Thomas Claburn, Editor at Large, Enterprise Mobility

November 21, 2008

2 Min Read

Not every industry is suffering from a financial meltdown, apparently.

More than $276 million worth of cybercrime goods and services were advertised online between July 1, 2007 and June 30, 2008, according to Symantec.

The security company's report on the underground cybercrime economy, to be released on Monday, finds that stolen data and crime tools are widely available and quite affordable.

The $276 million figure is the amount the cybercriminals would get if they sold everything at advertised prices.

Symantec estimates that the potential value of the credit card information and bank account credentials being sold, if criminally exploited to its maximum potential, would reach $7 billion.

Stolen credit card information accounts for 59% of that $276 million.

Symantec spotted 69,130 unique advertisers among some 44 million messages posted on underground economy servers.

Ninety-eight percent of such servers have a lifespan of less than six months. Forty-one percent were hosted in the United States and 13%, the second-largest percentage, were hosted in Romania.

The most expensive attack tool, Symantec found, was a botnet, which could be had for an average price of $225. Hosting for phishing services averaged $10, with a low of $2 and a high of $80. Keystroke loggers averaged $23.

Vulnerabilities sold for $100 to $2,999, and averaged $740. But vulnerabilities in the underground economy aren’t necessarily priced in terms of value.

Bank account credentials sold for between $10 and $1,000 generally, depending on how much money was in the associated bank account.

"In some cases, it appears the same vulnerability was advertised at both the low and high ends of the price range," the Symantec report says. "This may indicate that the value of the exploit decreased as it became over-traded, resulting in many attackers exploiting the same vulnerability in the same financial service."

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights