Investigation reveals growth of online black market

The online trade in credit card details, email addresses and tools used in cyber attacks is growing, an
Independent investigation has revealed.

Hackers and scammers are taking advantage of the ease with which they can set up online to make a "comfortable living" dealing on the black market. And some can make nearly £45,000 in a day selling devices used to take down and break into websites, claimed one seller.

"I personally wouldn't call [the trade] 'underground' as underground is defined as secretive. Buying credit cards now is like going up to your local gas station and buying a soda," said the merchant, who was speaking on condition of anonymity.

Experts say that those involved even operate under minimal cover, selling credit card details, names, addresses and passwords. "It's all for sale online, if you know where to look," said Brian Krebs, one of the leaders in research into the online black market.

The former Washington Post reporter, who now runs his own internet security blog, added: "I can point to 22 different sites that are selling stolen credit card data right now, and those are just the sites that I know of. There are plenty of places where you can buy that kind of thing."

He put the industry's growth down, at least in part, to an increase in the availability of what he called "crook-to-crook services"; people with technical expertise being paid to help those without it.

"That would cover services offered by those in the community to those who want to be," he said, adding: "For a small amount of money, you can set yourself up in business, selling stolen personal data. It is almost as easy for people to get started stealing credit card and identity info as it is for them to just go buy it online.

Although accurate figures do not exist, it is though that there is a greater number of people involved in the underground trade, both from the buyer's and seller's point of view. "It is so easy now for people to get into this line of business...often they do not even seem to realise the value of the information they have," said Mr Krebs.

The sheer number and value of the credit card transactions which take place online provide both greater incentive and greater opportunity to thieves, according to internet security firm Symantec. The company, which produces an annual report on online threats, found that, in 2008, there were two billion credit card transactions in the UK, worth a total of £126.3bn.

Mr Krebs explained that the majority of black market transactions take place in private, in online chatrooms or via instant messengers, but he said they might be initiated in public. One seller contacted by The Independent posted a message on his Twitter account, inviting bids for a "0-Day" - a weakness in a website, programme or app's security or a tool for exploiting a weakness.

That seller initially tried to broker a deal over a botnet when contacted by this newspaper. He said he expected the system, which he claimed automatically configures computers to take part in a Denial of Service attack (DoS), to sell for around £12,500.

In a bid to demonstrate the power of the botnet, the developer briefly took down a predesignated website, ostensibly via a DoS and achieved in a fraction of the time more traditional methods would be expected to take. He talked of his pride in his device saying that he felt it was worth "much more" than £12,500 but admitted he would have to be realistic and take the price he could get. "I'm just after the money, man," he said.

The cost of the basic details of a credit card is significantly lower, he said. Symantec reports that a single card can be bought for as little as 4p but, in some cases, could go as high as £60 per card, depending on the information available and the type of card on sale.

As part of its latest Annual Internet Security Threat Report, it said: "The wide range in prices may be a reflection of simple supply and demand, where higher bulk availability results in lower prices and rarer cards are advertised at higher prices. Main factors that influenced the prices included: the amount of information included with the card, rarity of the card type, quality or validity of the card, type of card, and bulk purchase sizes.

"As in previous years, corporate accounts were typically advertised for a higher price than personal accounts as these bank accounts often have larger balances than those of personal accounts."

The anonymous seller claimed that his most common customers are "private black marketers. People that run businesses that can use this to increase their profits or to give themselves an advantage over their competitors.

It is impossible to say whether recent high profile attacks on the likes of the Sony PlayStation Network, which have exposed personal data, including credit card details have themselves provided a greater supply of information on sale or a greater demand for hacking tools.

However, figures from Symantec suggest that the average number of web attacks has increased from a little more than five million per day at the beginning of January 2009, to a little fewer than 20 million per day in late 2010. Its latest report notes that, as people gain better protection against older methods of cyber attack, so must developers continue to advance their "toolkits" in a bid to "remain competitive and successful".

Voices
The Sumatran tiger, endemic to the Indonesian island of Sumatra, is an endangered species
voicesJonathon Porritt: The wild tiger population is thought to have dropped by 97 per cent since 1900
Arts and Entertainment
Beast would strip to his underpants and take to the stage with a slogan scrawled on his bare chest whilst fans shouted “you fat bastard” at him
musicIndie music promoter was was a feature at Carter gigs
News
news
Arts and Entertainment
Story line: Susanoo slays the Yamata no Orochi serpent in the Japanese version of a myth dating back 40,000 years
arts + entsApplying the theory of evolution to the world's many mythologies
News
ebookA unique anthology of reporting and analysis of a crucial period of history
News
Performers dressed as Tunnocks chocolate teacakes, a renowned Scottish confectionary, perform during the opening ceremony of the 2014 Commonwealth Games at Celtic Park in Glasgow on July 23, 2014.
news
Life and Style
Popular plonk: Lambrusco is selling strong
Food + drinkNaff Seventies corner-shop staple is this year's Aperol Spritz
News
Gardai wait for the naked man, who had gone for a skinny dip in Belfast Lough
newsTwo skinny dippers threatened with inclusion on sex offenders’ register as naturists criminalised
News
Shake down: Michelle and Barack Obama bump knuckles before an election night rally in Minnesota in 2008, the 'Washington Post' called it 'the fist bump heard round the world'
newsThe pound, a.k.a. the dap, greatly improves hygiene
Arts and Entertainment
La Roux
music
Arts and Entertainment
Graham Fellows as John Shuttleworth
comedySean O'Grady joins Graham Fellows down his local Spar
News
people
News
Ross Burden pictured in 2002
people
News
Elisabeth Murdoch: The 44-year-old said she felt a responsibility to 'stand up and be counted’'
media... says Rupert Murdoch
Arts and Entertainment
tv
Extras
indybest
Sport
Arsenal signing Calum Chambers
sportGunners complete £16m transfer of Southampton youngster
Latest stories from i100
Have you tried new the Independent Digital Edition apps?

Day In a Page

The children were playing in the street with toy guns. The air strikes were tragically real

The air strikes were tragically real

The children were playing in the street with toy guns
Boozy, ignorant, intolerant, but very polite – The British, as others see us

Britain as others see us

Boozy, ignorant, intolerant, but very polite
Countries that don’t survey their tigers risk losing them altogether

Countries that don’t survey their tigers risk losing them

Jonathon Porritt sounds the alarm
How did our legends really begin?

How did our legends really begin?

Applying the theory of evolution to the world's many mythologies
Watch out: Lambrusco is back on the menu

Lambrusco is back on the menu

Naff Seventies corner-shop staple is this year's Aperol Spritz
A new Russian revolution: Cracks start to appear in Putin’s Kremlin power bloc

A new Russian revolution

Cracks start to appear in Putin’s Kremlin power bloc
Eugene de Kock: Apartheid’s sadistic killer that his country cannot forgive

Apartheid’s sadistic killer that his country cannot forgive

The debate rages in South Africa over whether Eugene de Kock should ever be released from jail
Standing my ground: If sitting is bad for your health, what happens when you stay on your feet for a whole month?

Standing my ground

If sitting is bad for your health, what happens when you stay on your feet for a whole month?
Commonwealth Games 2014: Dai Greene prays for chance to rebuild after injury agony

Greene prays for chance to rebuild after injury agony

Welsh hurdler was World, European and Commonwealth champion, but then the injuries crept in
Israel-Gaza conflict: Secret report helps Israelis to hide facts

Patrick Cockburn: Secret report helps Israel to hide facts

The slickness of Israel's spokesmen is rooted in directions set down by pollster Frank Luntz
The man who dared to go on holiday

The man who dared to go on holiday

New York's mayor has taken a vacation - in a nation that has still to enforce paid leave, it caused quite a stir, reports Rupert Cornwell
Best comedians: How the professionals go about their funny business, from Sarah Millican to Marcus Brigstocke

Best comedians: How the professionals go about their funny business

For all those wanting to know how stand-ups keep standing, here are some of the best moments
The Guest List 2014: Forget the Man Booker longlist, Literary Editor Katy Guest offers her alternative picks

The Guest List 2014

Forget the Man Booker longlist, Literary Editor Katy Guest offers her alternative picks
Jokes on Hollywood: 'With comedy film audiences shrinking, it’s time to move on'

Jokes on Hollywood

With comedy film audiences shrinking, it’s time to move on