An investigation has found that stolen data is now being bought and sold on the internet.
It was only ever a matter of time before cyber criminals started to realize that the best way forward for evolving their attack models was to give them a commercial focus. For those who have designed the technology – built bot-nets, used Trojans, launched Phishing and Pharming attacks etc. – to steal corporate and customer-sensitive information, but do not want to take the risk of directly actioning that data, there have to be other opportunities available. Therefore, it comes as no surprise to find that on the black market the underground economy has devised a scale of charges for selling on their ill-gotten gains.
Symantec reports that stolen credit card details (including verification codes) can be purchased for between $1 and $6, while a whole identity remains a modest $14 to $18. This could be just the tip of the iceberg. Taking this theme a stage further, more effort could be put into the data analysis potential of stolen credentials by the perpetrators of data theft, and higher values being placed on the sale of cards and identities that provide larger-value theft opportunities.
During the last six months of 2006 there was a reported rise of almost 30% in the number of bot-infected computers, and Phishing and Pharming attack numbers were also up, suggesting that IT security vendors are not doing the job that purchasers of their services are paying for. More effort and more thought needs to be put into how organizations and the security industry in general deal with the global problem of data and identity theft.
That may be a too simplistic view, but in a world where your friendly neighborhood, not-for-profit hacker has been ruthlessly replaced by criminal gangs that are out to make more than the odd dishonest buck, the data loss prevention scene has acquired a whole new impetus.
Source: OpinionWire by Butler Group (www.butlergroup.com)
