Black Market for ID Theft Has Strong U.S. Ties, Symantec Finds

Published: March 26, 2007

by Alex Woodie

Curious to know what your personally identifiable information could fetch on the black market? While it may be priceless to you, hackers, cyber criminals, and other ne'er-do-wells of the underground economy charge from $14 to $18 for a deluxe identity theft package that includes a U.S. bank account and credit card numbers, date of birth, and government issued identification number, whereas a valid credit card number could be had for as little as $1, according to Symantec's latest Internet Security Threat Report.

Every six months or so, Symantec issues an Internet Security Threat Report that details the latest trends in online security. According to Volume XI of the series, released on Monday, instances of data theft, data leakage, and the release of malicious code for financial gain are all on the rise, making the Web a more dangerous place than it was six months ago, which should come as no great surprise.

For the first time, Symantec provided a glimpse into an underground economy where stolen confidential information is sold for profit. The software giant found that, over the last six months of 2006, more than 50 percent of the world's known "underground economy servers"--where criminals go to sell stolen identities--were located in the United States. The findings could put a damper on the commonly held belief that most identity theft rings are working out of Eastern Europe, Russia, or China. It's actually right here, in our own backyards.

Other notable findings include:

• a 29 percent increase in the number of bot-infected computers around the world, to 6 million.
• a 25 percent decrease in the number of "command-and-control" servers in charge of the bots, signaling that hackers are benefiting from server consolidation, too.
• a 23 percent increase in the number of Trojans, which accounted for 45 out of every 50 malicious code samples, indicating a move away from mass-mailing worms toward Trojans.
• a 12-fold increase in the number of zero-day exploits (there were 12 in the second half of 2006, but there was only one in the first six months).

Now more than ever, businesses and consumers need to take steps to secure their data and prevent unauthorized access to their computers, says Arthur Wong, senior vice president of security response and managed services for Symantec. "As cyber criminals become increasingly malicious, they continue to evolve their attack methods to become more complex and sophisticated in order to prevent detection," he says.

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot