Internet criminals have been getting more "professional" for years, trying to run their businesses like Big Business to get better and more profitable at selling stolen data online. Now the bad guys are exhibiting other unexpected traits: remarkable patience and restraint in stalking their victims.
SAN JOSE, Calif. — Internet criminals have been getting more “professional” for years, trying to run their businesses like Big Business to get better and more profitable at selling stolen data online. Now the bad guys are exhibiting other unexpected traits: remarkable patience and restraint in stalking their victims.
A new report by anti-virus software vendor Symantec details a startling trend that highlights the inventive ways criminals are figuring out ways to make money online.
Hackers are sometimes breaking into online businesses and not stealing anything. Gone are the days of plundering everything in sight once they’ve found a sliver of a security hole.
Instead of swiping all the customer data they can get their hands on, a small subset of hackers have concerned themselves with stealing only a very specific thing from the vendors they breach.
Most Read Business Stories
- 6 Dr. Seuss books won't be published for racist images
- Frontier cancels flight, citing maskless passengers
- Biden vows enough vaccine for all US adults by end of May
- Amazon sued by Black cloud-computing manager over alleged racial discrimination and sexual harassment
- Texas becomes biggest US state to lift COVID-19 mask mandate
They want access to the companies’ payment-processing systems and nothing else, according to the “Symantec Report on the Underground Economy,” slated for release today.
Card numbers verified
Those systems allow the bad guys to check whether credit-card numbers being hawked on underground chat rooms are valid, the same way the store verifies whether to accept a card payment or not.
It’s a service the crooks sell to other fraudsters who don’t trust that the stolen card numbers they’re buying from someone else will actually work.
The bad guys hardly touch anything. The customer data for that store’s clientele remains intact. They don’t install malicious software that turns the compromised machines into spam-spewing robots.
Think of it like taking a used car to a mechanic for an inspection before buying. Only in this case the mechanic’s a squatter who’s holed up illegally in some other guy’s shop and using his tools when no one’s around at night. And he cleans up spotlessly once he’s done.
According to Symantec, in the company’s yearlong look at 135 so-called “underground economy servers” — all public servers hosting mostly legitimate chat channels, with a few bad ones catering to cybercrooks — researchers determined that criminals have latched on to this tactic as a way to make money and self-police the underground.
Symantec said it didn’t find out which vendors had been compromised.
The company’s researchers were only able to determine the trend is happening by looking at thousands of credit-card numbers being checked every day — and either accepted or rejected — by shadowy groups online promoting that service and charging a fee.
Researchers said that the high number of cards the groups were checking each day suggests that they either had long-term access to a few compromised vendors or had a lot of compromised vendors under their control and would shift the credit-card-checking chores to different ones to avoid being detected.
$7 billion in stolen cards
Plenty of bad guys are still looting everything in sight, according to Symantec’s study. Researchers spotted $7 billion worth of stolen credit cards and bank accounts being sold during the yearlong project. That figure assumes the cards and accounts were completely drained by the crooks.
The actual price those cards and accounts could command on the black market was far less, however, because of the risk the buyer takes on in trying to extract money or make fraudulent purchases.
The report mostly underscores the trend that online criminals are adding more touches of professionalism to their businesses, like bundling packages of exploits together and selling them, or offering up programmers — like a company would hire a consultant — to write malicious code for other people.