The buyers and sellers converse cheerfully in the international language of commerce: negotiating prices, swapping samples, issuing quality assurances and loyalty discounts. One vendor, a Russian, offers a Chinese customer free translations of the product’s instruction manual; another promises “friendly technical support”.
It is here, in this polite, super-exclusive online marketplace, that the world’s most dangerous cybervillains plot to make your life a misery and get fabulously rich in the process. This is where your debit card PIN is bought and sold, your e-mail inbox engorged with spam, your identity touted to the highest bidder and the company you work for blackmailed or incapacitated.
From here, a rogue IT engineer can sell access to the tills of 50 high street stores or a Taiwanese factory worker can be bribed to install spy software in a dozen credit card readers. Botnets, trojans, worms — and worse — are fomented here.
Forums such as this, say analysts of cybercrime, have become the hubs of a £30 billion-a-year global industry that in 2008 alone spirited nearly 300 million items of supposedly secure information from the internet.
On one such forum, to which The Times gained access, a seller offers eBay accounts that appear to have impeccable reputations and 100 per cent buyer satisfaction levels — a disguise that could be used to perpetrate multiple frauds across the globe. Another is offering, for $10 (£6), a list of 30,000 “clean” British e-mail addresses that have not yet received spam and would therefore make easy targets. Skype accounts are also available, at a charge of 50 per cent of whatever financial gain the customer is able to make from them.
Over the past 18 months there has been an unprecedented growth not just in the volume of data theft, but in the sophistication of the attacks.
The problem, explained Bryan Sartin, head of the investigative response team at the US-based IT company Verizon Business, is that black-market forums have done their job too well: supply-and-demand economics have imposed themselves with catastrophic success. With the market now saturated with available data on tens of millions of credit card accounts, the online cost of a single credit card has plunged from $16 to 50 cents in a few months.
The glut of credit card information has prompted the hackers to go in quest of more valuable data loot, Mr Sartin said. The big money now is in stealing PINs and mothers’ maiden names along with the associated accounts. This has led to the successful execution of complex attack strategies previously thought only theoretically possible, he said.
The leap in sophistication of cybercrime is clear from the amount of verbal traffic on the forums. Analysts at TrendMicro, a Japanese company specialising in internet security, watched as a vendor sold software that can defeat the “breaker” programs that enable websites to differentiate between a human user and an automated disseminator of spam.
Verizon Business investigators watched an online auction for software that would give access to a particular cash register in a particular US branch of a large fast-food chain. Any time a customer used a debit or credit card to pay for their burgers, the PIN data would be diverted to the criminals. The hacking software eventually sold for $60,000.
Along with the complexity of the data heisting, the profile of the hackers has changed too. The dominance of the Russian Business Network — a much-feared association of cybercriminals rumoured to enjoy official protection in Moscow — has given way to new players, many operating from China.
This trend has accelerated as companies in the developed world have increasingly outsourced elements of their businesses to China. Stuart Witchell, senior vice-president of FTI-International Risk, an Asia-based risk consultancy, said that while hackers represent a significant threat to businesses, many data breaches are carried out by company insiders.
Investigators of one recent spate of PIN thefts believe that the enabling “sleeper” code was inserted into the software of a batch of credit card readers produced in a Chinese electronics factory on behalf of a European company.
Raimund Genes, the chief technical officer of TrendMicro, whose main business is protecting companies against viruses and other forms of online assault, says that since 2007 the average number of new “malware” samples his company has to process each month has risen from 270,000 to more than one million.
Mr Genes fears that the online cybercrime marketplaces have become so sophisticated that it may soon be impossible for the likes of TrendMicro and government agencies to penetrate them effectively.
“In the past, we were able to watch the market extremely closely, but that is getting difficult because the bad guys know we are monitoring them,” he said. “They have developed an eBay of the underground, where the buyers and sellers have reputations. As a seller, you have to prove that your software works, but as a buyer you have to show that you have used the information to commit a crime. Without doing that, you can’t access the higher layers of the forum where the really good stuff is being sold.”
SOURCE: http://www.timesonline.co.uk/tol/news/world/asia/article6735085.ece