Wednesday, 26 November 2008

"Underground" online economy is flourishing

While growth in the real economy is being hit hard by the global credit crisis, there appear to be no signs of a recession in the "underground" online economy, which is flourishing with millions of pounds being exchanged to buy stolen goods and "fraud-related services".

These are the findings of online security firm, Symantec's Report on the Underground Economy, which it compiled based on data gathered by its Security Technology and Response (STAR) organisation, from underground economy servers between July 1, 2007 and June 30, 2008.

According to Symantec, the potential value of total goods advertised in the "underground" online world was more than £184 million ($276 million). No prizes for guessing what was the most popular item for sale, and no it was not a Nintendo Wii or an iPhone but stolen credit card details.

Symantec said that credit card information accounted for 31% of the total goods for sale and that the potential worth of all credit cards advertised during the reporting period was £3.53 billion ($5.3 billion).

"The popularity of credit card information is likely due to the many ways this information can be obtained and used for fraud; credit cards are easy to use for online shopping and it’s often difficult for merchants or credit providers to identify and address fraudulent transactions before fraudsters complete these transactions and receive their goods," said Symantec. "Also, credit card information is often sold to fraudsters in bulk, with discounts or free numbers provided with larger purchases."

Stolen bank account information (20% of total goods advertised) was the second most popular item for sale with prices ranging from £6.50 ($10) to £650 ($1,000). According to Symantec's report, most of the underground activity was hosted by North American (45% of the total) servers, followed by EMEA on 38%. Asia Pacific was only 12% and Latin America 5%. "The geographical locations of underground economy servers are constantly changing to evade detection," said Symantec.

No comments: