As cyber-crime continues to mature and employ ever more-sophisticated technologies and business models, individuals are becoming more vulnerable to losing their personal and confidential information – which could be sold on for as little as 40 cents for credit card information or $2.00 for a full identity.
This is one of the findings of Symantec's latest Internet Security Threat Report, covering the six-month period from 1 July to 31 December 2007.
The report finds that malicious activity has moved away from targeting companies towards targeting end users themselves – specifically end user information that can be used in fraudulent activity for financial gain.
In the last six months of 2007, threats to confidential information made up 68% of the volume of the top 50 malicious code samples causing potential infections. This is an increase over the 65% reported in the first half of 2007 and the 53% from the second half of 2006.
Threats to confidential information are a particular concern because of their potential for use in criminal activities," says the report. "With the widespread use of e-commerce, particularly online shopping and Internet banking, compromises of this nature can result in significant financial loss, particularly if credit card information or banking details are exposed."
Underground economy servers are black market forums used by criminals and criminal organisations to advertise and trade stolen information and services typically for use in identity theft. The distribution of goods and services advertised on underground economy servers illustrates the growing focus on end users and their financial and personal information, such as bank account credentials, credit card information, and identities.
"Over the last six months of 2007, Symantec observed that data related to identities, credit cards, and financial details accounted for 44% of the goods advertised on underground economy servers this period," according to the report.
"Bank accounts were the most commonly advertised item for sale on underground economy servers known to Symantec, accounting for 22% of all items, an increase from the first half of 2007, when they represented 21% of the total.
Interestingly, the underground community's pricing is effected by market forces such as supply and demand.
The price range of credit cards in the last half of 2007 remained consistent with the prices from the first half of the year, ranging from 40 cents to $20.00 per
Symantec observes that the cost of full identities depended on the location of the identity. As with bank accounts and credit cards, EU identities were advertised at prices 50% higher than US identities, indicating that they are more in demand.
Bulk pricing has also become common in the underground community. For example, sellers were offering 50 credit card numbers for $40.00 (80 cents each), and 500 credit card numbers for $200.00 USD (40 cents each). This is a decrease from the bulk rates advertised in the first half of 2007, when the price identified was $1.00 each for 100 cards.
Identities were also available in bulk, at $100.00 for 50 items.
Full identities were the third most-common item advertised for sale on underground economy servers, making up 9% of all advertised goods, an increase from 6% in the first half of 2007.