With the TJX data breach fresh in the news, Larry Greenemeier and J. Nicholas Hoover (Information Week) have written one of the most informative articles to date on the hacker underworld.

They are warning us that:

Hacking isn’t a kid’s game anymore. It’s big business. Online black markets are flush with stolen credit card data, driver’s license numbers, and malware, the programs that let hackers exploit the security weaknesses of commercial software. Cybercriminals have become an organized bunch; they use peer-to-peer payment systems just like they’re buying and selling on eBay, and they’re not afraid to work together.

The article covers the mysterious carder forums – where other people’s financial information is bought and sold and how the information is paid for (wire transfer, PayPal, e-gold). It also shows how they avoid detection by anti-money laundering laws by what is know as “layering” (splitting up large sums into smaller ones).

There is also interesting information about the shady world where malware (crimeware) is being produced to steal the data.

Information Week article, here.

In case you were interested, here is how much (roughly) this information is being sold for:

The Black Market

$980-$4,900
Trojan program to steal online account information

$490
Credit card number with PIN

$78-$294
Billing data, including account number, address, Social Security number, home address, and birth date

$147
Driver’s license

$147
Birth certificate

$98
Social Security card

$6-$24
Credit card number with security code and expiration date

$6PayPal
account logon and password

Data: Trend Micro

The conclusion of the article isn’t new, which is that the business world needs to protect it’s data better and law enforcement faces obstacles in going after borderless crimes. Until laws are enacted, which allow the problem to be solved, it will likely flourish and grow.

Be Sociable, Share!