Online Black Market Worth $267 Million

By November 26, 2008 1 comment

Symantec estimates that the potential value of advertised stolen goods online is more than $276 million, 59% of which was credit card information. The security software company ’s Report on the Underground Economy, the result of data gathered from underground IRCs and forums from July 1, 2007, and June 30, 2008, analyzed a segment of the online black market and extrapolated from its findings some surprising figures. Stolen credit card numbers sell for as little as a dime or a quarter online, and the average credit limit on a stolen card is $4,000. Symantec believes that the total worth of all stolen credit numbers during the survey time was $5.3 billion. Stolen bank account information sells for between $10 and $1,000; the average stolen bank account balance is $40,000, and Symantec believes the total in stolen bank accounts for the monitoring period was $1.7 billion.

All in all, Symantec found 44,752 unique instances of sensitive information for sale. The highest earning organization that Symantec saw made $4.3 million in stolen credit card purchases over two years.

In the malware market, botnets sold for an average of $225, site-specific exploits financial sites for an average of $740, keystroke loggers for $23, and phishing kits for an average of $10.

Desktop video games were the most pirated software (49%), followed by utilities (16%), and multimedia productivity applications (11%). Symantec estimates that the total value of uploaded software it saw on one P2P network was $83.4 million.

45% of the servers that host fraudulent activity are in North America, 38% in Europe, Africa, and the Middle East, 12 % in Asia and the Pacific, and 5% in Latin America. There were 90,000 users on the largest IRC.

Page top

1 Comment

I have to laugh every time I hear someone blaming the Chinese or the Russians for every malaise from viruses to internet fraud. For one thing, as this study demonstrates, nearly half the rogue servers are right here in the US. Secondly, criminals who break into your system or your PC, typically don't leave a calling card showing their nationality or citizenship. Every rookie IT pro will tell you that having your footprints obfuscated by bouncing it off a proxy server in another county, is as easy as pie, so just because the intrusion came from an IP address in, say Ukraine, doesn't mean the Russian mafia was behind it.

Submitted by BarryInOrangeCounty (not verified) - on July 22, 2009 at 01:40 am

Legal mentions © L’Atelier BNP Paribas