“Show me the money!” (with all due deference to Jerry Maguire) is the new mantra for crackers and malware writers. According to an Imperva.com whitepaper, The Industrialization of Hacking, “Cybercrime has evolved into an industry whose value in fraud and stolen property exceeded one trillion dollars in 2009. By contrast, in 2007, professional hacking represented a multibillion-dollar industry.”
But how is the money made? Certainly, not all of it comes from outright theft of funds from bank accounts and payment processors, or from identity theft. Sure, we hear about those things in the news all the time, but they are usually perpetrated by some individual or group at the end of a long chain of transactions that have more to do with trading in stolen data or the botnets that steal the data.
There is an excellent paper that gives great insight into the value of trading in such things: The International Computer Science Institute’s “An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants”, published in October 2007 as part of the proceedings of the ACM Computer and Communication Security Conference (ACM CCS), Alexandria, Virginia.
“The most common behavior in the market is the posting of want and sales ads for illicit digital goods and services. Goods range from compromised machines to mass email lists for spamming. Services range from electronically transferring funds out of bank accounts to spamming and phishing for hire… The goods and services advertised are sold to miscreants who perform various forms of e-crime including financial fraud, phishing, and spamming. For example, a miscreant, intent on phishing, can enter the market and buy the goods necessary to launch a targeted phishing campaign…”
For example, here are some actual postings the researchers got from the channels:
i have boa wells and barclays bank logins….
have hacked hosts, mail lists, php mailer send to all inbox
i need 1 mastercard i give 1 linux hacked root
i have verified paypal accounts with good balance…and i can cashout paypals
They also noted the posting of samples of sensitive information that act as advertisements of sorts, similar to the “free sample” marketing model:
Name: Phil Phished
Address: 100 Scammed Lane, Pittsburgh, PA
Card Number: 4123 4567 8901 2345
Exp: 10/09 CVV: 123
CHECKING 123-456-XXXX $51,337.31
SAVINGS 987-654-XXXX $75,299.64
People ask me every day (particularly on Skype in reference to the latest Skype phishing attempts), “Why do people do this?” Now, rather than explaining it to them, I’ll just point them to this post. And you can do the same.