Feature
The Underground Economy:
Where Cybercriminals Meet and Greet
From June 1, 2007 to June 30, 2008, Symantec went undercover to monitor the exchange of an estimated $276 million worth of products and services in a global, underground online marketplace that has become nearly as efficient as the above-board one. An insider’s view emerged from studying web forums and IRC channels dedicated to the black market, where cybercriminals not only arrange malicious activity but also create tutorials to spread instruction in crime. The culmination of Symantec’s findings was recently released in the Report On The Underground Economy.
Surprisingly, the underground economy works much like the legitimate one, with similar checks and balances, the establishment of trust, and a vacillating market. But scrutinizing cybercrime online yielded some valuable insight into what makes cybercriminals tick, and how to better protect ourselves from them.
The first question: what is cybercrime? “Cybercrime is any criminal activity that involves a computer, a computer network, or a hardware device to commit some type of crime,” says Zufikar Ramzen, technical director of Symantec’s Security Technology And Response (STAR) team. The STAR team monitored both web forums and IRC channels around the world to track cybercrime in the global threat landscape. They found that cybercriminals often meet in online forums to plan attacks, teach each other, and sell malicious wares or sensitive (read: stolen) information.
Web forums are the preferred method for underground activity because posts and advertisements can last for days, whereas IRC channels are so transitory that posts often last for a few seconds at best. The main advantage of web forums is both a boon and a bane. Exposure means trust, but it also means greater vulnerability to law-enforcement agents. To protect against discovery, many black hat merchants change identities regularly.
A greater presence in web forums helps shady businesses establish trust and familiarity with their customers. It seems paradoxical for these enterprises to value trust, but cybercriminals also want to ensure that they receive real compensation. Often web forum moderators will check out a business before granting “seller” status, to further ensure that it’s legit. This is often done with free samples: the business provides a small amount of wares to the moderator, like stolen credit card or bank numbers, which the moderator then validates. If they’re real, then the company gets coveted “seller” status.
It’s not all about selling, however. Cybercriminals also log onto web forums to meet with their peers and share knowledge. “The fact that [the forums are] there has facilitated a lot of the online criminal activity that we’re seeing,” says Ramzen. Symantec monitored tutorials where criminals learned new techniques and how to finesse old ones. The tutorials had names like “Fake IDs for the moronic teenager,” “U.S. Immigration made easy,” and “My photo editing tutorial”. Forum members also coordinate large crimes, like exploiting poorly protected wireless networks from department store chains (to gain credit card numbers). The forums provide the means to meet, discuss, and plan out the crime. In 2008, one of the largest credit and debit card thefts was prosecuted, involving cybercriminals from all over the world, including the U.S., China, Ukraine, Estonia, and Belarus.
Where product is concerned, the underground economy shifts like our legitimate one. There are booms, lulls, and changes in popular goods, from software suites to the latest music. Because multimedia applications, business activity suites and desktop games are popular in the regular market, they’re also dominating the underground market, where they’re made available for “free” download, with malicious software embedded within the program that steals sensitive information or otherwise harms the consumer. As for employment, there was a high demand for black hat programmers, but now fraud, spam and phishing are gaining in popularity because they require a lesser degree of technological know-how.
Because the underground economy is so huge and elusive, what Symantec could monitor only represented a slice of what’s going on. “We monitored, over the course of the year, literally hundreds of millions of dollars of transactions and advertisements and requests taking place in the underground economy, but the reality is we only monitored what we knew about,” said Ramzen. The study did, however, help Symantec prepare for current and future threats… all to provide you, the consumer, with greater armor and support when it comes to your security and protection.
What can you do?
If you’re worried about your safety, here are some recommended steps for your immediate protection.
- Protect your email. Do you have an email filtering system? Phishing is on the rise, but with the proper protection, you can stop it before you even see it. Now that’s fast.
- Please tell us you have software protection. Or better yet, if you don’t, get some now. We recommend Norton AntiVirus 2010 for starters, or go to Symantec.com to find which suite is best for you.
- Is everything up to date? Secure means keeping up with threats in the now, not the five years ago.
- Is H3ll0N0wI’mStrong! one of your passwords? Use complicated passwords and change them often. Just think: Rinse & Repeat.
- Do you really need your social security number on your computer? Consider keeping sensitive information outta there.
- Use your keen smarts, you attractive and savvy Internet surfer. If something looks too good to be true, then you’re right: it is.
If you have a business:
- Do you have database encryption? Do you want it? (hint: Answer is usually Yes!)
- Who has access to what? If you don’t want the newspaper delivery boy to lose that thumb drive with everyone’s payroll information on it, create an employee access control policy. Whew! Consider doing the same with the top shelf in the fridge in the break room: that’s valuable real estate.
- Do you really want sensitive information on anything portable (and losable)? Think twice before crossing that street to stay safe!
The underground economy is real, and it flourishes in the anonymity afforded by online venues. But the more we keep a watchful eye on this shady community, the more we’ll be able to keep our online experience fully above board.
