Credit cards top sales chart in $7b online black market

Credit cards and bank account details are the most sought-after items among cyber-criminals, according to a Symantec study of the flourishing "underground economy".

Credit cards were the most advertised item, accounting for 31% of all goods offered for sale, followed by bank and stock trading accounts (20%), Symantec concluded after a year monitoring online forums used by cyber-thieves.

Table 1. Goods and services available for sale, by category7
Source: Symantec Corporation

It said it had found "an online underground economy that has matured into an efficient, global marketplace in which stolen goods and fraud-related services are regularly bought and sold."

The potential value of goods advertised was $276 million, Symantec said, but it estimated the actual level of fraud from stolen credit and bank accounts could total as much as $7 billion.

In one major breach, criminals had defrauded more than $10 million through credit and debit card withdrawals.

Credit card information was the most sought-after probably because of the numerous ways it could be both obtained and used, as well as the sheer number of cards and transactions, the IT security firm said.

Bank accounts were attractive targets because of the opportunity to withdraw currency directly, it said.

PC games were far and away the most popular software item, representing 49% of all software sold, followed by utility apps (16%), and then multimedia editing software (11%).

Over one period on one server, Symantec estimated software worth $83.4 million was sold, two-thirds of which was multimedia apps, reflecting their high retail prices.

During the reporting period, Symantec observed 69,130 distinct active advertisers and 44,321,095 total messages posted to underground forums.

But it predicted that cyber-criminals would eventually abandon web-based forums in favor of harder-to-trace IRC.

"With so many of these forums and other sites being the target of undercover sting operations, it is likely that the more highly organized groups will attempt to cover their activities and limit their communications to private channels that are not as easily monitored, such as is afforded by the relative anonymity and safety of the IRC channels," it said.