Stolen bank data gets cheaper on Web: report

By Mark Trevelyan

LONDON (Reuters) - Prices charged by cybercriminals selling hacked bank and credit card details have fallen sharply as the volume of data on offer has soared, forcing them to look elsewhere to boost profit margins, a new report says.

Researchers for Finjan, a Web security firm, said the high volumes traded had led to bank and credit card information becoming "commoditized" - account details with PIN codes that once fetched $100 or more each might now go for $10 or $20.

In its latest quarterly survey of Web trends, the California-based company said cybercrime had evolved into "a major shadow economy ruled by business rules and logic that closely mimics the legitimate business world".

Finjan's Israel-based chief technology officer, Yuval Ben-Itzhak, said in a telephone interview that new types of stolen data were now commanding a premium, such as patient healthcare information that can be used for insurance fraud or to illicitly acquire and sell medicines.

Other premium data includes business information, company personnel files and intercepted commercial emails.

MAFIA STRUCTURE

The Finjan report, partly based on contacts the company established with five groups trading online in stolen data, described a Mafia-type cybercrime hierarchy in which bosses operate as business entrepreneurs and typically leave the actual online attacks to underlings.

An 'underboss', or second-in-command, provides the Trojan infiltration software for launching attacks. The workforce that carries these out is paid according to the rate of infections achieved and the country of origin of the infected computers.  Continued...