RealTime IT News

Credit Cards, Banks Targeted by Cyber Criminals

Criminal organizations are using sophisticated online marketplaces to distribute the work of theft to those who have the skills, according to Symantec's latest Internet Security Threat Report, covering 2008.

Once key information, such as a social security number, credit card number or bank account has been stolen, a criminal can sell the data in the underground economy, which the report describes as "various forums, such as websites and Internet Relay Chat (IRC) channels, which allow criminals to buy, sell, and trade illicit goods and services."

"Our team built the first system to mine data from the underground economy," Zulfikar Ramzan, technical director at Symantec, told InternetNews.com. "Underground servers are essentially IRC chat rooms for illegal transactions but, ironically, anyone can log on."

The Web 2.0 underground allows criminals to specialize, Ramzan said. "Individuals can go in with one skill set and rely on others to provide the rest of the skills to complete the cyber crime."

"Say I'm really good at setting up a Web site to get credit card or bank information, but I don't know how to cash that out," he said. "Others may specialize in cashing out. They know how to make transactions that will be approved. Many banks now have very good fraud detection."

Where the money is

All those efforts are concentrated on lifting large amounts of cash. The report found that an astonishing 76 percent of all phishing exploits targeted financial brands. That's because thieves want credit card numbers and billing credentials, and spoofing financial sector brands allows them to ask for sensitive data.

Ramzan said that phishers may see an industry weakness they can exploit. "During the past year, the financial firms dominated the news. This created a sense of mayhem and confusion for customers. There was a perfect opportunity to trip up a victim with cleverly timed misinformation. If a customer reads in the news that their bank is involved in a merger and then gets an e-mail asking for information, they're more likely to be fooled."

Not surprisingly, there are consequences, Symantec said. The report found that the financial industry was responsible for 29 percent of all identities exposed in 2008, a sharp increase from 2007, when it was at fault for only 10 percent.

The report even lists the prices of items for sale in the underground market. However, actual prices vary widely depending on several circumstances including, ironically, the level of trust between criminals.

Other factors affecting price may include the volume of the item traded (discounts for bulk deals) and the financial institution's security.

"Some banks are easier to cash out than others," Ramzan said.

Credit card information accounted for 32 percent of products by volume of sales, followed by bank account credentials, accounting for 19 percent. Combined, they represented just over half the market (51 percent).

Credit cards could sell for between six cents and thirty dollars each and bank account credentials could sell for between $10 and $1,000.

Ramzan added that some transactions in the marketplace are barter transactions, and that those are difficult to track. "Prices are easy to mine," he said, "but when criminals talk terms, it's difficult to find out what kind of deal was negotiated."
