While the economy lurches from one day to the next and incidents of real-life piracy increase off the coast of Somalia, Symantec's "Report on the Underground Economy" illuminates an online underground that has matured into an efficient global marketplace for stolen goods and fraud-related services. Symantec reports that in the yearlong period of observation an estimated $276 million worth of advertised goods was trafficked-a small fraction of the overall underground economy.
Dave Cowings, Symantec senior manager of operations for security response, said that figure represents only a small fraction of this economy that has been uncovered through the survey. "It's thriving, it's starting to evolve and as more businesses do online transactions, this economy will grow [too]," he said. "This is an economy without borders, so cyber-criminals can cast a very wide net."
The report's data, from Symantec's STAR (Security Technology and Response) organization, was culled from underground economy servers between July 1, 2007 and June 30, 2008. During this reporting period, North America hosted the largest number of such servers, with 45 percent of the total; Europe/Middle East/Africa hosted 38 percent; followed by Asia/Pacific with 12 percent and Latin America with 5 percent. The geographical locations of underground economy servers are constantly changing to evade detection.
The report cited credit card information as the most advertised category of goods and services circulating through the underground economy, representing nearly one-third of the total. While the price of stolen credit card numbers remains low, with some selling for as little as $0.10 to $25 per card, Symantec observed that the average advertised stolen credit card limit was more than $4,000. The company estimated that the potential worth of all credit cards advertised during the reporting period was $5.3 billion.
These numbers, which are expected to increase, mean a small and midsize business needs to have a multilayered security solution in place, Cowings said. "There are several mitigation techniques that SMBs need to take, starting with database encryption," he said. "They should also limit access to databases."