Panda Security recently released an excellent document entitled “The Cyber-Crime Black Market: Uncovered” that is probably the easiest to read and best piece that has been made available to the general public in recent years about these underground criminal enterprises. The picture that this document presents is of an illicit industry that is trying desperately to grow and earn more income at all of our expense. Here is a sobering view of the “competition”:
Price wars, numerous ‘special offers’ and the diversification of the business are all indications of how these mafias are desperately trying to drive up revenue. A few years ago, it was just a question of the sale of a few credit card details. Now, in addition to offering all types of information about victims -even the name of the family pet-, other services are available, including physical cloning of cards or making anonymous purchases and forwarding the goods to the buyer.
The document also integrates key information integrated from the FBI, perhaps the most interesting aspect is how they categorize the professional positions within these organizations. Here are the most common positions per the FBI:
- Programmers. Who develop the exploits and malware used to commit cyber-crimes.
- Distributors. Who trade and sell stolen data and act as vouchers for the goods provided by other specialists.
- Tech experts. Who maintain the criminal enterprise’s IT infrastructure, including servers, encryption technologies, databases, and the like.
- Hackers. Who search for and exploit applications, systems and network vulnerabilities.
- Fraudsters. Who create and deploy various social engineering schemes, such as phishing and spam.
- Hosted systems providers. Who offer safe hosting of illicit content servers and sites.
- Cashiers. Who control drop accounts and provide names and accounts to other criminals for a fee.
- Money mules. Who complete wire transfers between bank accounts. The money mules may use student and work visas to travel to the U.S. to open bank accounts.
- Tellers. Who are charged with transferring and laundering illicitly gained proceeds through digital currency services and different world currencies.
- Organization Leaders. Often “people persons” without technical skills. The leaders assemble the team and choose the targets.
Perhaps the most chilling aspect of this document begins on Page 18 “The Sales Process” where real examples of price lists, resources (as in how much are in the bank accounts, etc) ordering details:
Prices vary according to the vendor, although the average is $150 for a complete card and a minimum order of five units. There is an additional cost for the plastic: $30 white plastic, and $80 for color printing. You also have to add to the cost of the information (the card number, PIN and other details) for which, as we’ve seen before, there are various offers.
If you have the time it might be a good opportunity to better educate yourself on the operations of these organizations, this should be a “must read” for any aspiring information security professionals. Understanding the enterprise behind the malware, botnets and other security risks is a key aspect of understanding how to prevent it.
Disclosure – we are not a Panda Software reseller, nor were we paid to post this. We are not in any way advocating a product or service in this post. Please review our Product and Partner Policy for more information.