It has been a quite interesting week for me. Believe it or not, I don’t get the opportunity to speak on two national (Radio 1 and BNR) radio broadcasting channels every week. The reason for this sudden interest? Trend Micro’s research on identity theft and the Deep Web, which made quite an impression. So of course I want to share this with our loyal audience as well.
Once in a while, we like to find out who our enemies are. That’s why some of our researchers venture themselves into the dark unknown areas of the internet, where only cybercriminals dwell and sell. These areas are commonly called ‘the Dark Web’ or ‘the Deep Web’.
Our researchers thoroughly investigated this Deep Web: what can be traded in the online underground markets? How much do these products and services cost? The investigation has provided us with lots of answers. We know now, for instance, how much your identity is worth. If you are Belgian, your identity is worth exactly 700 euro.
Really: anyone (with access to this Deep Web, that is) can purchase a Belgian identity for that price. If you pay 700 euro, you can purchase a ‘full identity kit’, consisting of a Belgian passport, driver’s license and ID card. Regardless of what you think of the price (and of the observation that we are apparently worth 200 euro less than an American citizen) it is amazing how easy it has become to obtain a false identity.
Cybercrime a commodity
Not only are the stolen and/or illegal goods easier to come by than before such on online underground market existed. It has also become a lot easier to become a professional cybercriminal than ever before, thanks to that same underground market. Our own security guru, Rik Ferguson, has illustrated in his blog, The Lone Rangers of the Underground, how two Nigerian scammers have earned money from SMB’s worldwide using a simple keylogger they could purchase on the underground market for a mere 35 US dollar.
Some other examples: Frapstar, a lone operator from Canada, made a profit out of selling stolen personal information. In Brazil, LordFenix made loads of money with his own home-grown horde of banking Trojans, each valued at over US$300. Similarly, AlejandroV managed to steal 22,000 unique credit card numbers with his point-of-sale (PoS) malware named FighterPoS.
These are all examples of enterprising, often very young, individuals who have become very skilled in making huge profits with very affordable cybercriminal products and services. Cybercrime has become a very democratic area, available to anyone interested. And we can only guess how many youngsters are thus developing into the next generation of cybercriminals.
The good news is: we are also continually getting better at recognizing cybercrime and tracing cybercriminals. And we are getting better at working together more effectively as well. Law enforcement is working better with vendors of security products and services. Governmental agencies fighting cybercrime are collaborating better, both on a national and on an international scale. This is a welcome but also much-needed improvement in a world where cybercriminals are increasingly neglecting borders as well.
I like to end with Rik Ferguson’s words at the end of this blog: “We are becoming more effective at shutting down both the nascent and the established online criminal operations. We still have a road to travel, but we’re headed in the right direction. In the words of Liam Neeson (addressed to the criminal): we will find you.”