Home > All, Security Issues, Security News > Fraud as a Service: a new industry for the 2010s

Fraud as a Service: a new industry for the 2010s

January 24, 2011 Leave a comment Go to comments

The economic downturn is affecting everyone; there’s just not a lot money going around these days. So spare a thought for the criminal – with less money to steal, he has to work harder for his living.

Click for full size

Panda Security's report on the cybercrime black market

And that is certainly the conclusion to be drawn from Panda Security’s latest report: The Cyber-Crime Black Market: Uncovered. We have already seen in a previous post that complex viruses are being developed and used, probably to run interference for the trojans. By tying up the AV industry’s top engineers in locating, unravelling and disarming these viruses, the online criminals hope to keep the work of their data-stealing trojans operational over a longer period. But just consider the organizational skills that this requires: it’s an underground black market industry that mirrors the organisation of legitimate industry. Whatever you want, you can have: at the market price.

The report comes out of Panda’s decision to have a closer look at the internet’s black market, “to see what kind of services they are selling today,” explained technical director Luis Corrons. “We found that basically it is the same as what’s been going on for years – only now the service is more specialised, and the availability more widespread. In the past they sold things like infection kits, spam services, stolen credit cards; and yes that is still available. But now the criminals are offering far more services. In the past you could buy a number of credit cards; and depending on the amount you buy, the price goes up or down.” This is still available said Corrons, “but now the criminals have started offering guarantees. OK, you can pay, say, $2 for a credit card; but if you want access to a bank account with a certain amount of money guaranteed, you pay more – and you can have that. You can even request bank accounts with more than $80,000 – but to get such credentials you’d have to pay $700.”

Apart from the guarantees, the whole process has become more integrated. “You can buy the credit card details which you can use,” he continued, “and then you can hire additional services so they will take care of and make all the money transfers for an additional fee. Or, let’s say you buy some luxury items with these stolen credit card details – such as a big LCD TV. Well you can’t have it sent straight to your house because obviously the police can track it. No problem. There are people offering to do this for you. You want to buy this – we’ll do it for you, and take care of sending it to your house.”

From the comfort of an office or bedroom, with a single computer and spurred on by the lack of international legislation or cooperation between countries to facilitate investigations and arrests, cyber-criminals have been making a lucrative living from these activities.

Corrons even described a site in Russia that offers to provide you with anything you want for just 20% of the usual cost. How? Well FAQs on the site explain that they will use stolen credit cards to buy primarily from US online stores, and let you have the goods for 20% of the cost – which they take from you for their fee. This Russian site only supplies Russian residents, but is indicative of how the black market is evolving.

Typical services and prices from the new industry: Fraud as a
Service
Products Price
Credit card details From $2-$90
Physical credit cards From $190 + cost of details
Card cloners From $200-$1000
Fake ATMs Up to $35,000
Bank credentials From $80 to 700$ (with guaranteed
balance)
Bank transfers and cashing
checks
From 10 to 40% of the total $10
for simple account without guaranteed balance
Online stores and pay
platforms
From $80-$1500 with guaranteed
balance
Design and publishing of fake
online stores
According to the project (not
specified)
Purchase and forwarding of
products
From $30-$300 (depending on the
project)
Spam rental From $15
SMTP rental From $20 to $40 for three
months
VPN rental $20 for three months

Clearly, there is so much money to be made from these activities, even in difficult times, that what Panda is describing is the beginning of a new industry: cloud-based Fraud as a Service.

Panda
Report

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s