Inventory is growing and prices are dropping on the cyber crime black market, according to a new report from security firm Panda Labs.
Stolen banking credentials, malicious programs and stolen credit cards are all for sale online
in what Panda experts say is a flourishing criminal black market
online. The report, The Cyber-Crime Black Market: Uncovered (.PDF), depicts a cyber black market that has evolved over the years. Initially used for buying and selling malicious programs and stolen data, the market has specialized: offering everything from stolen banking credentials to phony ATM machines, to fake credit cards – some of which can be had for as little as $2 a piece, Panda reports.
An active network chat rooms and message boards allow criminals to share information and recruit help building and carrying out online scams. Some of the offers Panda Labs researchers discovered included Fake ATMs selling for $35,000, card cloners from $200 to $1,000 and banking credentials from $80 to $700 – the more expensive accounts come with a guaranteed balance of $82,000 or more.
Criminals can furnish their operations by using specialized online stores, accessible with a user name and password. While customarily advertised through underground forums and chat rooms, some, more audacious services are promoted on social networks like Twitter and Facebook. When it comes to initiating a sale however, contact is always made via online messaging clients and generic e-mail accounts. Payments go through Western Union, WebMoney and other online disbursement systems, the report said.
Other firms that monitor the cyber underground have remarked on the degree to which buying and selling stolen credit card numbers, bank accounts and identity information has become “business as usual” online. Despite its mystique and movie depictions of suave hackers with superhuman skillz, the real world cyber crime is pretty dull, and mostly involves low level functionaries and middle men buying and selling e-mail lists, credit card “dumps” and fenced goods – not ultra sophisticated computer hackers breaking into networks or protected databases, according to Team Cymru, which has turned some of the online exchanges it has observed into comics.