Hackers building black economy, says study

A sophisticated underground economy, where hacking toolkits are on sale for as little as $1,000, has emerged to support computer crime gangs, a new report says.

In its latest bi-annual study, security firm Symantec says criminals are becoming more professional in the development, distribution and use of malicious code.

Arthur Wong, a Symantec senior vice president, said hackers are 'making cybercrime their actual profession, and they are employing business-like practices to successfully accomplish this goal.'

The study says the most prominent example is the Mpack, a toolkit widely sold in the underground economy this year for about $1,000, which enables attackers to install malicious code on computers. They can then 'monitor the success of the attack through various metrics on its online, password-protected control and management console,' Symantec said.

Symantec says the reliability and robustness of MPack indicates it was professionally-developed.

MPack was also a good example of the growing number of coordinated, multi-stage hacks, usually to gain access to confidential data for the purpose of financial fraud, the report said. These typically begin with a low-profile penetration from which subsequent attacks are launched.

The report also points to the growing number of 'underground economy servers' used to host by gangs to buy and sell stolen information - usually personal ID data, such as government IDs, credit cards and PINs.

Credit cards and bank accounts were the items most frequently advertised for sale on these servers, accounting for 43% of all listings. Credit cards are being sold for anything from 50 cents to $5, and bank accounts up to $400.

Internet security threats are also becoming more regional, with different patterns of attacks in different parts of the world. For Asian computers, the US is the country of origin of most attacks, accounting for 29%, followed by China (18%) and Japan (9%).

Asian computers are an attractive target because they tend to be less well-protected and, because of the fast growth in broadband, feature a lot of new users unfamiliar with security requirements.

Symantec security specialists compiled the report over the first six months of 2006. The company runs a network of more than 2 million decoy email accounts as a way of gauging Internet spam and phishing activity.