How Does The Hacker Economy Work? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Feature
News
2/9/2007
02:50 PM
50%
50%

How Does The Hacker Economy Work?

It's a murky world of chat rooms, malware factories, and sophisticated phishing schemes. Here's a look inside.

money in hand
The Black Market

$980-$4,900
Trojan program to steal online account information

$490
Credit card number with PIN

$78-$294
Billing data, including account number, address, Social Security number, home address, and birth date

$147
Driver's license

$147
Birth certificate

$98
Social Security card

$6-$24
Credit card number with security code and expiration date

$6
PayPal account logon and password

Data: Trend Micro


Direct Approach
Credit card information is mostly sold in bulk. "You don't just buy one Amex card with no limit; you typically buy a set because any one could be canceled or entered into fraud claims," Dagon says. Though some sites have list prices, basic card information can go for as low as $1 a card, and prices often depend on the quality of the data, says Johannes Ullrich, CTO of the SANS Internet Storm Center.

Credit card thieves, who call themselves "carders," often ply their wares through IRC chat rooms, private and public forums with names like CardersMarket and Carder.info, and even conventional-looking e-commerce sites. The experienced hackers and carders stick to private, encrypted, password-protected IRCs, Ullrich says.

One forum, CardingWorld.cc, has more than 100,000 posts from 13,000 registered members, most of whom write in Russian. The site's English section includes offers for Bank of America, Fidelity Bank, and PayPal logons; credit card information from around the world; valid gift cards; and services for the safe transfer of large amounts of money. Most sellers and buyers on the forum request that purchases or offers be taken to private messages on the bulletin board system or to ICQ instant messaging.

A site called Dumps International appears to provide credit cards and equipment for reading and encoding credit cards, as well as Social Security numbers, dates of birth, mothers' maiden names, PINs, and batches of credit card "dumps" that contain card numbers, cardholder names, and expiration dates. The cost for U.S. credit card numbers on the site ranges from $40 for a standard credit card up to $120 for a "signature" card, one step above platinum and corporate cards. There are even specials--buy 100 cards in a mixed batch and the price drops to $30 a card.

The average life expectancy for such sites is about six months before they're rerouted through a new proxy server to throw off law enforcement. TalkCash.net, which functioned until last summer, even offered a list of "rippers," those who'd used the marketplace but were unreliable, and "verified vendors," those who had proved that they could deliver on their promised goods.

Cybercriminals close their deals using peer-to-peer payment systems like PayPal and e-gold, which lets people exchange electronic currency backed by the value of gold bullion rather than a particular national currency. Some use Western Union wire transfers to make payment. E-gold says it "in no manner condones" the use of its service for criminal acts, and PayPal chief information security officer Michael Barrett says the company regularly works with law enforcement when it identifies usage patterns that indicate criminal activity.

Moving money around can be dangerous for hackers, since transactions over $10,000 must be reported by banks and wire transactions can be easy to track. Georgia Tech's Dagon says large transactions can be split up, with some in the hacker gang taking payment in plasma TVs, large numbers of compromised iTunes accounts, World of Warcraft credentials, and even access to compromised routers.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
2 of 5
Next
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
News
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
News
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll