RSA Europe: The growth of the underground hacker ‘economy’

News
By Asavin Wattanajantra
published

Credit card data dealing on underground forums laid bare – service level agreements and efficient cash conversion that even the stock market could take lessons from.

The last few years have seen some of the biggest ever changes in IT security, especially with the new breed of financially motivated hacker.

This was according to Hugh Thompson, chief security strategist for People Security, who was talking at a keynote at RSA Europe 2008. He said that IT security had to deal with many shifts in the last three or four years, such as in internet environments.

But it was the attacker in the forum who Thompson most focused on. He talked of an efficient and effective underground economy where there was the dealing of credit card data. In his research, he revealed that users dealing with credit card data now have service level agreements between the buyer and stolen credit card brokers.

He picked out the example of a broker who was trying to sell various credit card numbers: "He makes a couple of guarantees instant replacement if he sells you bad credit card numbers, good discounts for big orders."

He added: "You can even check the merchandise by giving you a sample set of ten stolen credit card numbers to see if they work for you."

Thompson said that he felt it was incredible that the criminals had the maturity in the underground market that they felt they had to differentiate themselves by the quality of service that they were giving on stolen merchandise.

The strategist then led on to talk about how these transactions were now leading on to secondary markets. Thompson gave an example of how rather than deal with stolen credit card numbers, users would make a profit by converting different types of electronic currency.

He described the transactions the user could make: "PayPal to e-gold, PayPal to Western Union which is probably the best deal.

"What's fascinating about this is that it was in August, and then went back to look at all the posts from this individual. I found one three months before that, and the rates were different.

"It turns out that one of those e-money providers had just announced they had added an extra layer of security. So the market was so efficient that it priced in that extra problem the broker had to go through."

For more coverage and photos from the RSA show, click here.

Asavin Wattanajantra