Investigation reveals growth of online black market

The online trade in credit card details, email addresses and tools used in cyber attacks is growing, an
Independent investigation has revealed.

Hackers and scammers are taking advantage of the ease with which they can set up online to make a "comfortable living" dealing on the black market. And some can make nearly £45,000 in a day selling devices used to take down and break into websites, claimed one seller.

"I personally wouldn't call [the trade] 'underground' as underground is defined as secretive. Buying credit cards now is like going up to your local gas station and buying a soda," said the merchant, who was speaking on condition of anonymity.

Experts say that those involved even operate under minimal cover, selling credit card details, names, addresses and passwords. "It's all for sale online, if you know where to look," said Brian Krebs, one of the leaders in research into the online black market.

The former Washington Post reporter, who now runs his own internet security blog, added: "I can point to 22 different sites that are selling stolen credit card data right now, and those are just the sites that I know of. There are plenty of places where you can buy that kind of thing."

He put the industry's growth down, at least in part, to an increase in the availability of what he called "crook-to-crook services"; people with technical expertise being paid to help those without it.

"That would cover services offered by those in the community to those who want to be," he said, adding: "For a small amount of money, you can set yourself up in business, selling stolen personal data. It is almost as easy for people to get started stealing credit card and identity info as it is for them to just go buy it online.

Although accurate figures do not exist, it is though that there is a greater number of people involved in the underground trade, both from the buyer's and seller's point of view. "It is so easy now for people to get into this line of business...often they do not even seem to realise the value of the information they have," said Mr Krebs.

The sheer number and value of the credit card transactions which take place online provide both greater incentive and greater opportunity to thieves, according to internet security firm Symantec. The company, which produces an annual report on online threats, found that, in 2008, there were two billion credit card transactions in the UK, worth a total of £126.3bn.

Mr Krebs explained that the majority of black market transactions take place in private, in online chatrooms or via instant messengers, but he said they might be initiated in public. One seller contacted by The Independent posted a message on his Twitter account, inviting bids for a "0-Day" - a weakness in a website, programme or app's security or a tool for exploiting a weakness.

That seller initially tried to broker a deal over a botnet when contacted by this newspaper. He said he expected the system, which he claimed automatically configures computers to take part in a Denial of Service attack (DoS), to sell for around £12,500.

In a bid to demonstrate the power of the botnet, the developer briefly took down a predesignated website, ostensibly via a DoS and achieved in a fraction of the time more traditional methods would be expected to take. He talked of his pride in his device saying that he felt it was worth "much more" than £12,500 but admitted he would have to be realistic and take the price he could get. "I'm just after the money, man," he said.

The cost of the basic details of a credit card is significantly lower, he said. Symantec reports that a single card can be bought for as little as 4p but, in some cases, could go as high as £60 per card, depending on the information available and the type of card on sale.

As part of its latest Annual Internet Security Threat Report, it said: "The wide range in prices may be a reflection of simple supply and demand, where higher bulk availability results in lower prices and rarer cards are advertised at higher prices. Main factors that influenced the prices included: the amount of information included with the card, rarity of the card type, quality or validity of the card, type of card, and bulk purchase sizes.

"As in previous years, corporate accounts were typically advertised for a higher price than personal accounts as these bank accounts often have larger balances than those of personal accounts."

The anonymous seller claimed that his most common customers are "private black marketers. People that run businesses that can use this to increase their profits or to give themselves an advantage over their competitors.

It is impossible to say whether recent high profile attacks on the likes of the Sony PlayStation Network, which have exposed personal data, including credit card details have themselves provided a greater supply of information on sale or a greater demand for hacking tools.

However, figures from Symantec suggest that the average number of web attacks has increased from a little more than five million per day at the beginning of January 2009, to a little fewer than 20 million per day in late 2010. Its latest report notes that, as people gain better protection against older methods of cyber attack, so must developers continue to advance their "toolkits" in a bid to "remain competitive and successful".

Start your day with The Independent, sign up for daily news emails
Property
pets
Arts and Entertainment
tvGame of Thrones season 5 ep 4, review - WARNING: contains major spoiliers!
Arts and Entertainment
tvThe C-Word, TV review
Arts and Entertainment
The Ridiculous Six has been produced by Adam Sandler, who also stars in it
filmNew controversy after nine Native American actors walked off set
ebooks
ebooksA celebration of British elections
Sport
Danny Jones was in the Wales squad for the 2013 World Cup
rugby leagueKeighley Cougars half-back was taken off after just four minutes
Life and Style
The original ZX Spectrum was simple to plug into your TV and get playing on
techThirty years on, the ZX Spectrum is back, after a fashion
News
Tiger Woods and Lindsey Vonn are breaking up after nearly three years together
peopleFormer couple announce separation in posts on their websites
Sport
football
Life and Style
Google celebrates Bartolomeo Cristofori's 360th birthday
techGoogle Doodle to the rescue
Arts and Entertainment
Haunted looks: Matthew Macfadyen and Timothy Spall star in ‘The Enfield Haunting’
tvThe Enfield Haunting, TV review
News
news
News
The Mattehorn stands reflected in Leisee lake near Sunnegga station on June 30, 2013 near Zermatt, Switzerland
news
  • Get to the point
Latest stories from i100
Have you tried new the Independent Digital Edition apps?

Day In a Page

Fishing for votes with Nigel Farage: The Ukip leader shows how he can work an audience as he casts his line to the disaffected of Grimsby

Fishing is on Nigel Farage's mind

Ukip leader casts a line to the disaffected
Who is bombing whom in the Middle East? It's amazing they don't all hit each other

Who is bombing whom in the Middle East?

Robert Fisk untangles the countries and factions
China's influence on fashion: At the top of the game both creatively and commercially

China's influence on fashion

At the top of the game both creatively and commercially
Lord O’Donnell: Former cabinet secretary on the election and life away from the levers of power

The man known as GOD has a reputation for getting the job done

Lord O'Donnell's three principles of rule
Rainbow shades: It's all bright on the night

Rainbow shades

It's all bright on the night
'It was first time I had ever tasted chocolate. I kept a piece, and when Amsterdam was liberated, I gave it to the first Allied soldier I saw'

Bread from heaven

Dutch survivors thank RAF for World War II drop that saved millions
Britain will be 'run for the wealthy and powerful' if Tories retain power - Labour

How 'the Axe' helped Labour

UK will be 'run for the wealthy and powerful' if Tories retain power
Rare and exclusive video shows the horrific price paid by activists for challenging the rule of jihadist extremists in Syria

The price to be paid for challenging the rule of extremists

A revolution now 'consuming its own children'
Welcome to the world of Megagames

Welcome to the world of Megagames

300 players take part in Watch the Skies! board game in London
'Nymphomaniac' actress reveals what it was really like to star in one of the most explicit films ever

Charlotte Gainsbourg on 'Nymphomaniac'

Starring in one of the most explicit films ever
Robert Fisk in Abu Dhabi: The Emirates' out-of-sight migrant workers helping to build the dream projects of its rulers

Robert Fisk in Abu Dhabi

The Emirates' out-of-sight migrant workers helping to build the dream projects of its rulers
Vince Cable interview: Charging fees for employment tribunals was 'a very bad move'

Vince Cable exclusive interview

Charging fees for employment tribunals was 'a very bad move'
Iwan Rheon interview: Game of Thrones star returns to his Welsh roots to record debut album

Iwan Rheon is returning to his Welsh roots

Rheon is best known for his role as the Bastard of Bolton. It's gruelling playing a sadistic torturer, he tells Craig McLean, but it hasn't stopped him recording an album of Welsh psychedelia
Russell Brand's interview with Ed Miliband has got everyone talking about The Trews

Everyone is talking about The Trews

Russell Brand's 'true news' videos attract millions of viewers. But today's 'Milibrand' interview introduced his resolutely amateurish style to a whole new crowd
Morne Hardenberg interview: Cameraman for BBC's upcoming show Shark on filming the ocean's most dangerous predator

It's time for my close-up

Meet the man who films great whites for a living