Cyber crooks are shifting their sights from stealing credit card data to the theft of personal medical information as they battle commoditisation and pursue more profitable criminal enterprises. Cyber crime organisations are also developing complex networks of hackers to shield crime bosses and employ sophisticated pricing models for personal data.
The insights into the web's darker recesses were issued as part of a report from Israeli internet security operator Finjan that was compiled following a lengthy investigation into the cyber crime market.
"Over the course of the past 18 months we have been watching the profit-driven cyber crime market maturing rapidly," Finjan chief technology officer Yuval Ben-Itzhak said.
"It has evolved into a booming business, operating in a major shadow economy with an organisational structure that closely mimics the real business world.
"This makes businesses today even more vulnerable to cyber crime attacks, especially considering the maturity of the cyber crime market and the well-structured cyber crime organisations."
According to Finjan, loosely organised groups of hackers have given way to tiered crime syndicates that include specialists who source malicious software programs known as trojans that hide in computer programs to gather personal data.
The trojans are deployed by attack campaign managers who maintain their own affiliation networks that can be used to spread a trojan or any other piece of malicious software to computers connected to the internet.
Stolen data is resold by online fences, while the leader of the online crime syndicate maintains a safe distance from any direct criminal actions. The stolen data, meanwhile, is priced according to its rarity and the profitability of any crimes it can be used to commit.
According to Finjan, the level of competition in the internet underworld has become so intense that the prices charged for some types of information are tumbling.
For instance, credit card account information and personal identification numbers that once would have garnered an enterprising online thief about $US100 now sell for between $US10 and $US20.
At the other end of the scale is personal medical information, which is highly sought after because it is difficult to come by and can be used to perpetrate insurance fraud and facilitate illicit trade in medications.
Cyber crooks will pay similarly well for gold, platinum and corporate credit card numbers because of the higher credit limits the accounts carry.
Finjan said the data, which in the case of credit card numbers is sold in batches, was often sold with a guarantee and that hackers would replace numbers that were reported stolen or didn't work.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.