Who Is

watching out for you?

In today's world you need to understand a few more things...

Who Is

knocking on your virtual front door?

It could be someone down the block or from the Bloc

Is the end near for credit card data theft?

Christopher Budd, Trend Micro

15-December-2015 2016 The laws of Supply and Demand and High Bid Wins cannot be repealed.  

The Trend Micro Forward Looking Threat Research Group has been conducting deep research into the cyber underground for three years in Russia, China, Japan, Brazil, and North America.

“These are my favorite reports we do, because no one else goes as deep or as broadly into the underground,” said Christopher Budd, Global Threat Communications Manager with Trend Micro. “We have people who’ve been living in this space for a while. One thing most interesting is when you look at North America and compare it with Russia or China, arguably better known, those undergrounds are like a speakeasy, in that you have to know someone to get in.”

With North America it’s completely different. Buyers and Sellers have gone to great lengths to make it as easy as possible. You can find tools that help you browse the underground with very little effort.

“Our research indicates one of the goals with the North American underground is to facilitate ease of access and use,” Budd said. “It’s the antithesis of the speakeasy model. That focus on openness in North America in contrast with China and Russia represents the way these two cultures approach commerce. You also see that in the service economy and in the underground economy.”

Trend Micro researchers use the Deep Web to all of the non-Google-able internet. The Dark Web is where people are aiming for anonymity, using things like Tor.

Most people in the mainstream have heard about the Silk Road – where you can buy drugs and guns. That is what researchers find when examining North American cyber underground. The Russian and Chinese undergrounds are more about hacking tools, stolen data for sale, and things associated with cybercrime as practiced.
“We have documented forums that advertise murder and harm for hire,” said Budd. “One price if you want someone roughed up, another if you want someone killed. If they have a security detail it costs more, as it does if they are a notable person. Just because something is for sale however, doesn’t mean people are buying or that it’s going to be delivered. I haven’t heard of a case of someone being harmed. It might have happened, although I haven’t heard of it.”

When discussing criminal activity for sale online, three questions arise…
•  How many are advertising real goods and services?
•  How many are criminals seeking to steal money for illegal services they have no intention of delivering?
•  How many are Law Enforcement Officers (LEO) seeking to entrap people attempting to buy those things?

Another item in the report is that stolen data has to be resold. That’s something North America has in common with Russia and China. People in North America are buying more than credit card data.

“They’re also stealing and selling credentials for streaming services like Spotify and Netflix accounts,” Budd said. “Online poker and Uber accounts too.”

Suppose you get malware on your PC. The person driving the malware sells those credentials on the underground. Someone who doesn’t want to pay ten bucks a month pays three dollars once and piggybacks on your account. Budd expects Netflix to begin taking measures that prevent and counteract such activity.

“That trend is a part of what we’re seeing globally, which is there is so much data stolen in the last couple of years that prices are dropping, because supply is so large,” said Budd. “My takeaway is that traditional credit card identity theft information is so plentiful it’s not worth taking. Criminals are looking for market differentiation where there is less pressure to keep prices down and therefore they can make less money. If this trend continues, we could arguably see a bottoming out of people stealing – not because security is better, but because it is no longer worth it.”

Once a thief has a stack of your goods back in his hideout, he can examine it to see what he how much he can sell it for. Online poker and streaming services credentials represent the next stage of evolution of the underground economy.

“It’s clear that these underground marketplaces are maturing, iterating, borrowing practices from legitimate businesses – shopping carts, ratings – all of these tell me they’re not going away,” Budd said. “Witness Silk Road 2.0 being erected within weeks of the feds taking down the original Silk Road. Criminals will adjust their prices to reflect the risks they face, but so long as we have the web you’re going to be facing the underground marketplaces. I don’t see the Deep Web disappearing, because it’s an organic inseparable part of the Internet.”