Internet crooks shun plunder, opt for patience
SAN JOSE, Calif. - Internet criminals have been getting more "professional" for years, trying to operate like Big Business to get better and more profitable at selling stolen data online.
Now the bad guys of the cyber-underworld are exhibiting other unexpected traits: remarkable patience and restraint in stalking their victims.
A new report by the antivirus software vendor Symantec Corp. details a startling trend that highlights the inventive ways of criminals.
Hackers are sometimes breaking into online businesses and not stealing anything. Gone are the bull-in-the-china-shop days of plundering everything in sight once they've found a sliver of a security hole.
Instead of swiping all the customer data they can get their hands on, a small subset of hackers have concerned themselves with stealing only a very specific thing: access to the companies' payment-processing systems, and nothing else, according to the "Symantec Report on the Underground Economy," scheduled for release today.
Those systems allow the bad guys to check whether credit card numbers being hawked in underground chat rooms are valid, the same way the store verifies whether to accept a card payment.
It's a service the crooks sell to other fraudsters who don't trust that the stolen card numbers they're buying will actually work. The bad guys hardly touch anything. The customer data for that store's clientele remains intact. They don't install malicious software that turns the compromised machines into spam-spewing robots.
"They treat these things fairly pristinely so they can maintain access," said Alfred Huger, vice president for Symantec Security Response.
According to Symantec, in the company's yearlong look at 135 so-called "underground economy servers" - all public servers hosting mostly legitimate chat channels, with a few bad ones catering to cyber crooks - researchers determined that criminals have latched on to this tactic as a way to make money and self-police the underground.
Symantec said it didn't find out which vendors had been compromised. The company says it didn't get inside the compromised servers that carry even more secretive back-channel conversations, because doing so would have broken the law.
The company's researchers were only able to determine that the trend is happening by looking at thousands of credit card numbers being checked every day - and either accepted or rejected - by shadowy groups online promoting that service and charging a fee.
That fee is about $10 per card checked. Considering they're typically checked in batches of 10 or more, the revenue can add up fast.
Researchers said that the high number of cards the groups were checking each day suggests that they either had long-term access to a few compromised vendors, or had a lot of compromised vendors under their control and would shift the credit-card-checking chores to different ones to avoid being detected.
Huger said the reason the criminals don't raid the victim companies' databases is that it's much lower risk to just check the card numbers on someone else's computers than to start taking stuff out, which gets noticed.
Huger said the report just touched on the "low end" of the underground economy. The report emphasized that the potential bounty for hackers on the underground economy will only go up as "matures and operates more like a traditional business model."