The personal data of EU citizens is a valuable illicit commodity that is being traded in a criminal digital underground economy and turned into cash, reveals Europol’s new iOCTA* report. And, whilst the value of the cybercriminal economy as a whole is not yet known, one recent estimate of global corporate losses stands at around 750 billion per year (source: McAfee).
Stolen personal and financial information which is used, for example, to fraudulently gain access to bank accounts and credit cards, or to establish new lines of credit, has a monetary value. Criminals are trading credit card data for up to $30 per card, bank account information for between $10 – $125 and even your email account data is worth up to $12 in this sophisticated and self–sufficient economy. Criminals are not only interested in details of credit cards and compromised bank accounts, but also our addresses, phone numbers, social security numbers, full names and dates of birth.
All of this stolen data is retailed in the criminal underworld, which is driving a range of new illegal activities, including crimeware distribution and the hacking of corporate databases. This is backed up by a fully–fledged infrastructure of malicious code writers and hackers, specialist web hosts and leased networks of thousands of compromised computers which carry out automated attacks online, to access and steal personal data. As this underground economy has grown in sophistication, ‘service providers’ have also emerged who offer payment card verification number generators.
Organised crime groups benefit from globalisation, moving to different countries and even different continents to withdraw cash using counterfeit (skimmed) cards. They also use these counterfeit cards to make purchases online, such as transport and accommodation. ‘Mules‘ are recruited via employment search websites and social networking sites to help ’cash in‘ stolen personal and financial information. As the individuals tasked with turning data in hard cash, mules are the visible face of cybercrime.
Cybercriminal groups often have no obvious leadership but divide labour according to technical abilities, with most members only knowing each other online. Therefore, online forums are essential tools for the digital underground economy to recruit and make introductions, enabling criminals to swarm together to work on specific projects. These forums are also where crimeware components are advertised and budding cybercriminals learn their trade through tutorials. The high–tech skills required mean that those involved in cybercrime rarely fit the traditional profile of transnational organised crime groups. These cybercriminals are usually young, highly–skilled individuals, under the age of 25, and often recruited from universities.