The identity theft racket is quickly developing into a mature market with the consolidation of thieves and illegal vendors and an increase of illicit business volume, Symantec reported today in its biannual Internet Security Threat Report.
The report covers the period between June 2006 and December 2006, during which the business of selling stolen identities solidified, said Alfred Hager, vice president of engineering for Symantec Security Response.
“The underground economy isn’t new by any means, but this is an established order of things now,” Hager said. “It’s standardized. It’s like a market economy. It’s very varied and it’s highly organized.”
Symantec researchers found that the average price of an identity package including a Social Security number, bank account information, name, date of birth and credit card information stabilized between $14 to $16. Hager said that he and his colleagues observed people who use these identities to steal money from accounts regularly price shop between underground IRC ecommerce servers.
In addition to competitive pricing, stolen identity "vendors" are also working to consolidate the market to grab a bigger piece of the ever-growing pie.
“We’re starting to see the level of sophistication of the people who are doing this go up, and the number of people who are actively engaged going down,” he said. “Bots tend to be central to the data thefts we see. What we see is the people who run the botnets tend to be the same people who aggregate and sell the personal information. If they want to put one another out of business they remove their ability to transact by denial of servicing them into the stone age with these massive bot networks.”
Symantec was able to substantiate that trend with hard numbers. While the number of bots is up 29 percent since the last Internet Security Threat Report, the number of control servers is down by 25 percent.
The increased level of sophistication of data thieves is also affecting their tactics. Symantec reported finding 12 zero-day exploits during the six-month period examined in the report.
“That is a tremendous jump relative to what we’ve ever seen before for zero-day exploits,” Hager said. “If you take a look at previous two reporting periods, they had one in each of them.”
Click here to email West Coast Bureau Chief Ericka Chickowski.