RSA Europe: The growth of the underground hacker ‘economy’
By Asavin Wattanajantra,
The last few years have seen some of the biggest ever changes in IT security, especially with the new breed of financially motivated hacker.
This was according to Hugh Thompson, chief security strategist for People Security, who was talking at a keynote at RSA Europe 2008. He said that IT security had to deal with many shifts in the last three or four years, such as in internet environments.
But it was the attacker in the forum who Thompson most focused on. He talked of an efficient and effective underground economy where there was the dealing of credit card data. In his research, he revealed that users dealing with credit card data now have service level agreements between the buyer and stolen credit card brokers.
He picked out the example of a broker who was trying to sell various credit card numbers: “He makes a couple of guarantees – instant replacement if he sells you bad credit card numbers, good discounts for big orders."
He added: “You can even check the merchandise by giving you a sample set of ten stolen credit card numbers to see if they work for you.”
Thompson said that he felt it was incredible that the criminals had the maturity in the underground market that they felt they had to differentiate themselves by the quality of service that they were giving on stolen merchandise.
The strategist then led on to talk about how these transactions were now leading on to secondary markets. Thompson gave an example of how rather than deal with stolen credit card numbers, users would make a profit by converting different types of electronic currency.
He described the transactions the user could make: “PayPal to e-gold, PayPal to Western Union – which is probably the best deal.
“What’s fascinating about this is that it was in August, and then went back to look at all the posts from this individual. I found one three months before that, and the rates were different.
“It turns out that one of those e-money providers had just announced they had added an extra layer of security. So the market was so efficient that it priced in that extra problem the broker had to go through.”
For more coverage and photos from the RSA show, click here.
You may also like...
advertisement
Latest Security Features
Q&A: The ID card commissioner talks cards and controversy
We spoke to ID card commissioner Sir John Pilling about his thoughts on the identity scheme and why we might all think he's a bit of prat down the line.
- So you've been hacked, now what?
- The problems facing Internet Explorer
- Year in Review: 2009 in your words
- Top 10 security predictions for 2010
- Year in Review: Top tech stories of 2009
- The worst IT disasters of 2009
- Five free security software suites
- How to stay safe shopping online
- Is it time to switch to IPv6?
Latest Security Reviews
Symantec Backup Exec 2010 review
Rating: 
advertisement
Most popular
- Your Views: Google Street View across the UK
- Reviews round-up: Windows Phone 7 and Firefox Mobile
- Q&A: Conrad Wolfram on communicating with apps in Web 3.0
- Why is Microsoft accelerating Service Pack 1?
- Palm 'disapointed' by results, Pre sales
- Google updates Chrome, awards security bonus
- Report: Macs cost less to run than Windows PCs
- A guide to BlackBerry Messenger 5.0
- Windows Phone 7 review ? hands on
- HTC Legend review
Latest News Videos in Security
Video: Why security is everybody's responsibility
PlayRik Ferguson, senior security advisor at Trend Micro says it's up to all of us to make security work.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
e-currency transactions
It\'s a good article. That secondary market of crooked CC sellers has been around for years and years it\'s not new, just Google: paypal dumps CVV dumps western union dumps It seems to be definitely getting worse and more defined as pointed out here. However, it is important to note that digital currency operators are making big moves to prevent their products from being mis used for such purposes. E-gold now has an extensive customer identification program along with AML and KYC programs. They have successfully put in place preventions for their product to be used again by these crooks and much more powerful tracking for accounts that are abused. The market of private individual e-money facilitators is also being closed rapidly by digital currency operators. The largest companies now prevent their currency from auto-exchanges, they have either blocked or removed the API necessary to accomplish this and full identification is required by agents for exchanges. While e-gold and others have increased their programs to prevent mis use of their products, Western Union, PayPal and the Credit Card companies still allow pretty free and easy access to accounts and information. A better point of view for the next article might be what are Credit Card companies doing to improve their 50 year old plastic technology and make it less accessible to crooks. Mark editor@dgcmagazine.com
By Ip_editord16c4c1 on Wednesday Oct 29