Print 40 comment(s) - last by technohermit.. on Nov 28 at 1:26 PM

Symantec monitored user chats on IRC to compile a massive report giving statistics on the thriving black market of illegal internet activity.  (Source: Symantec)

Symantec also compiled a list of pirated software sales. Games topped the list in total downloads, while multimedia software came out on top for net revenue. The U.S. was the biggest uploader of pirated software, by far.  (Source: Symantec)
One of security's leading firms say that crooks are striking it rich in an underground market and becoming increasing cohesive

You hear about it on the news every day -- criminals and profiteers have made the internet into a war zone.  From bank intrusions, to assaults by massive botnets, to coordinated attacks by foreign nationalists, there seems to be no end in sight to cybercrime.

Indeed, the internet, according to Symantec, is becoming the high-crime district of the next century as hackers find themselves part of a thriving market with little fear of serious repercussions if they play it by the book.

The Symantec Report on the Internet Underground Economy, to be released today, details the hale and hearty internet black market.  A keystroke logger might run you $23, a host for your phishing scheme $10.  If you want a botnet, it will cost you $225.  Want a tool to crack bank security using a known vulnerability?  It will cost an average of $740, and could cost you as much as $3,000 for a good one.  However, for both the buyer and the seller, the reward for online crime is proving to be equally lucrative, according to Symantec's report.

For over a year, from July 1, 2007 to June 30, 2008, Symantec monitored cybercriminals on IRC channels and internet forums.  Through the extensive research, they generated one of the most cohesive pictures of the modern state of internet crime, including the tools used, the average prices, and even the flow of stolen financial information.

Credit card information was the most commonly requested good or service, accounting for approximately 30 percent of sales.  Bank account credentials were a hot seller, priced anywhere from $10 to $1,000 depending on the amount of money in the account and where it was located.

Apparently cybercrime does pay; Symantec found that sellers' total goods had a combined sales price of around $275M USD.  Adding in the extra income from emptying victims' accounts and maxing their credit cards, this total could soar to a $7B USD business.

Aside from tracking hackers and cyberthieves, the study also tracked another form of illicit internet activity -- software piracy.  The study tracked sales of pirated software between July and December.  The most commonly pirated type of software was desktop games, followed by utility applications and then multimedia software, such as photo editors, 3D animation, and HTML editors.

It appears that people within the U.S. are making most of the money off the sale of pirated software.  Of the underground sales, 41 percent were uploaded by people within the U.S., with Romania a distant second with 13 percent.  North America had by far the largest underground economy of servers.

One intriguing trend that Symantec noted was the rise of cybergangs in Russia and Eastern Europe.  These gangs typically consist of acquaintances met online and in IRC chats and were much more coherent and aggressive than their western counterparts.  For this reason Russia has often been cited as a haven for illegal internet activity.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

we need a treaty
By Gul Westfale on 11/24/2008 2:39:31 PM , Rating: 5
i think we need some sort of international treaty to deal with these people, they will only become stronger in the future. it is impossible to police an area in which you do not have jurisdiction, and since the internet can be accessed from anywhere in the world it would seem that the world needs some sort of treaty to fight this effectively.

i know the MPAA/RIAA and associated morons will use this report for their agendas, but the bigger issue here is the identity theft.

so i think countries should get together and decide to
create legislation in every country to allow police to investigate and arrest identity thieves.

RE: we need a treaty
By Klober on 11/24/2008 3:00:18 PM , Rating: 5
While I agree that this would be the ideal plan of action, I think it will be nearly impossible to follow-through on the treaty. First of all, good luck getting Russia, China and many of the Eastern European nations to sign on to the treaty in the first place. The second problem will be getting them to allow us to enforce it. As history has shown us time and time again - these specific nations tend to honor agreements only when it is in their best interest (to varying degrees depending on the country of course).

Do you trust Iran and North Korea to stand by any resolutions to which they agree? That's about how I feel about those countries, as well as the countries I listed. ;)

RE: we need a treaty
By nosfe on 11/24/2008 3:04:39 PM , Rating: 5
The second problem will be getting them to allow us to enforce it.

that's the second problem?

anyway, last i checked people can't even agree on what format the paper should be or how to measure temperature, good luck in convincing another country that your laws are better and that you should be enforcing them

RE: we need a treaty
By Gul Westfale on 11/24/2008 3:30:58 PM , Rating: 2
i know this will NEVER happen... but it will give western governments more excuses to enforce ever tighter controls over internet usage and personal freedoms, while claiming that they are doing us (and the MPAA/RIAA) a favour.

but i can dream, can't i?

RE: we need a treaty
By dani31 on 11/25/2008 3:56:01 AM , Rating: 4
The answer to internet crime is education.
People get robbed on the internet cause their mama and papa told them nothin about it.
My children will not get fooled, and they will pay for the software that they'll use.
Cracked software is good cause you can test it. Puts pressure on producers to make quality products and advertise right. Otherwise they hit and run (they do it already anyway, just think EA console ports to PC).

The second problem will be getting them to allow us to enforce it.
Typical narrow aggresive selfish american thinking.

RE: we need a treaty
By Myg on 11/25/2008 7:10:29 AM , Rating: 2
Thats what they said about teen sex/pregnency/STD's/etc...
(Sexual education)

We all know the only way to stem that is to teach Chastity, and God forbid we deny the pharma companies their condom/contraception margins!

You can fill someone's brain with all the information in the world, but that doesn't mean they know how to use it.

I say we teach proper things to tackle internet crime, like:

- Critical Analysis skills (Ability to pick apart whats being presented to you)
- Trusting your instincts (Using that God-given ability to feel that theres something "wrong" with the situation)
- How to ask for advice (Teach kids how to ask for advice/help from peers who are deemed wise and trustworthy [see first two])

RE: we need a treaty
By Ryanman on 11/25/2008 9:15:07 AM , Rating: 4
Actually, abstinence-only sex education is largely ineffective:

Chastity is BS.

RE: we need a treaty
By Ryanman on 11/25/2008 9:19:55 AM , Rating: 2
And I don't think that not telling kids about sex is going to cut down on contraception sales - I've only bought one pack of condoms my entire life, and I turn 18 in a couple days here. I'll definitely end up purchasing more when I don't want to knock up my wife.

RE: we need a treaty
By Myg on 11/25/2008 10:31:29 AM , Rating: 2
Chastity != not informing about details.

Just means informing about the greater purpose, meaning and worth to those details!

RE: we need a treaty
By Myg on 11/25/2008 10:28:57 AM , Rating: 2
Its the only ideal which does a knock-out punch to all the issues on the subject, so unfortunatly for you: it is the only solution.

Condom use/contraception just fights the problem (and at times makes it worse) while Chastity extinguishes the problem...

Chastity works; I've seen it in action in my life, dunno how they go about teaching it there, but it works absolute wonders for the people I know who subscribe to it!

Give it a try, you can call it "clean dating" if you so wish, but it makes life more fun, less attached and you dont age as quick :P

RE: we need a treaty
By Ryanman on 11/25/2008 12:19:29 PM , Rating: 3
Of course not doing anyone is the only 100% safe option. But how many people want to waste away their most sexually appealing years waiting for god's permission to have fun? In a monogamous, long term, loving relationship (which, given, is rare in teens but is what me and my sexually active girlfriend are in) there should be no problems. You say that religious dogma, the censorship of ideas, and sexual suppression are the only ways to effectively combat STD's and teen pregnancy - and you happen to be incredibly wrong.
It's completely off the point of this article of course. But don't respond to me three times with links to fear-mongering and zealotry.

RE: we need a treaty
By Myg on 11/25/2008 8:49:01 PM , Rating: 2
Well, im glad you agree; point proven :-)

(rest of your rely is just "wahh, I want it now" spoilt brat garbage, I know: I used to live/think that way too once. You can get over it, just need to try)

RE: we need a treaty
By djc208 on 11/26/2008 8:38:32 AM , Rating: 2
I used to live/think that way too once.

But there in lies the problem. You've reformed your ways, great. If you don't make it down that path then what?

Telling kids not to is fine. I'd agree that it should form the base point. But most kids won't make it, I saw many myself at that age that had promise rings and various other "commitments" to chastity that didn't make it.

Teaching the responsible way to have sex should you decide to is the next best thing. All or nothing is a horrible philosophy since statistics say most won't make it to marriage without having sex.

The big problem is responsibility, most people, let alone kids, don't think of the consequences and responsibility they take on when they decide to have sex. But our society isn't big on taking responsbility for our actions unles we have to.

RE: we need a treaty
By Myg on 11/25/2008 10:46:24 AM , Rating: 2
RE: we need a treaty
By technohermit on 11/28/2008 1:15:55 PM , Rating: 1
God's way of doing things sucks, for the most part. Apparently he left the teaching up to the sinful, retarded creatures he created. Nice move for an all-knowing diety. God has no place in law. That is how we get into such nonsense all the time, these moral laws. Teen sex and pregnancy cannot be controlled by the fear of God. If it could it wouldn't happen.

RE: we need a treaty
By marvdmartian on 11/24/2008 3:43:01 PM , Rating: 2
A SEAL team might be cheaper. Go in silently, whack the fool, leave silently. Once you do that a couple dozen times, they'll get the message! ;)

RE: we need a treaty
By Adonlude on 11/24/2008 4:20:15 PM , Rating: 4
Nah, our technology is better than that. No need to use real people. Fix a GPS location, push a little button, a high speed rocket powered "hostile packet" should arrive in a few minutes to provide them with a more convincing BSOD.

RE: we need a treaty
By snownpaint on 11/24/2008 5:03:52 PM , Rating: 2
Why do it that way? If the hacker has internet, then he/she is probably at an address. FedEx delivers. Priority Package for hacker. NSA says "oh-no another mail bomber, get the FBI on it".

RE: we need a treaty
By pxavierperez on 11/25/2008 4:55:59 AM , Rating: 2
But any of those two solutions can easily be traceable and could have a high collateral damage count. This would be problematic dealing with foreign countries. Sending in a team of SEAL operatives still is a better strategy.

RE: we need a treaty
By Jovec on 11/24/2008 4:43:56 PM , Rating: 2
It's probably better to punish software vendors for the bugs and exploits that allow much of this to happen in the first place along with businesses that employ faulty security practices. We need to curb two disturbing trends:

1) Software is increasing complex and will continue to be yet developers understand their own software less and less.
2) Companies fail to use the full range of security measures available to them and/or fail to use them correctly from IT admins down to customer service employees falling for social hacks.

RE: we need a treaty
By rudy on 11/25/2008 1:13:46 AM , Rating: 2
If the majority of crime according to the report comes within the US there is not need for a treaty just better enforcement here. The other thing is 7 billion is a drop in the bucket compared to a bail out lol, or a single drug lord can be worth 7 billion himself. Americans are generally concerned with 1 issue at a time.

By isorfir on 11/24/2008 2:41:27 PM , Rating: 5
This may be true, but it’s hard to take it seriously when it it’s presented from a company that directly profits from “protecting” us from these activities.

“Hey, I just wrote a report about the increase in bombs. Would you like to buy this bomb detector?”

RE: Fish
By Truxy on 11/24/2008 3:16:32 PM , Rating: 4
Agreed, and further, what software pirate pays for downloading pirated games/software? I don't get how they figured people were paying $50 to download a pirated copy of a game or software. Are they saying people are stupid enough to go into IRC and pay for a pirated piece of software thinking that it's a fully legal copy? I'm confused, it's a complete contradiction... way to jump on the bandwagon Symantec, a little too late and misguided though.

It appears that people within the U.S. are making most of the money off the sale of pirated software.

RE: Fish
By tastyratz on 11/24/2008 4:30:27 PM , Rating: 2
Whats happening is Joe Schmoe is going online, and finding a website offering a copy of photoshop in downloadable form for only $40. He generally thinks "boy that's cheap I recon I can get it there"

The majority of computer users aren't savy enough to figure out keygens/cracks/patches/etc. - nor know where to look for them. When these sites are found through a google search they just look like a really good deal to them.

RE: Fish
By inighthawki on 11/24/2008 4:36:05 PM , Rating: 2
I think they mean more along the lines of pirating a copy of photoshop and selling it to people for like $30. Or even selling desktop computers with pirated copies of windows, which then allow them to make profits by not paying for windows in the first place.

RE: Fish
By Diesel Donkey on 11/24/2008 4:39:16 PM , Rating: 2
People who don't know any better will buy from a fairly legit looking "discount" software vendor. My own father bought a copy of Adobe Acrobat Pro from one of these online stores, and he paid about $65 for it, I think. Of course the confirmation e-mail he received was written in broken English and the software was obviously (to me) the same cracked version you would find on the Pirate Bay or something. Without realizing it, he paid a pirate to do his dirty work for him.

RE: Fish
By Truxy on 11/25/2008 9:01:08 AM , Rating: 2
Fair enough, but from the article they didn't mention anything like that. If they did base their data on it I think they should have mentioned it. What they said was:
For over a year, from July 1, 2007 to June 30, 2008, Symantec monitored cybercriminals on IRC channels and internet forums.

In my opinion anyone who uses IRC to find software knows what they're there for... they won't be getting tricked into buying false copies.

Symantec is also grouping software pirates into the same group of people who steal identities and drain unsuspecting peoples bank accounts. Fear mongering at its best.

RE: Fish
By Diesel Donkey on 11/26/2008 12:48:36 AM , Rating: 2
OK, now I see where you're coming from. Good point.

RE: Fish
By StraightPipe on 11/24/2008 5:05:34 PM , Rating: 2
this report is soooo misleading.

symantec first talks about how much money pirates are making off software, then claim 40% of it is DL'd right here in the US.

But that implies that the people in the US are actually paying to DL software. They also come accross as implying that your average pirate is selling this crap.

I think it's time we stop calling casual file sharers "pirates" and leave that term for people who rape, pilage, and steal (or actually make money off someone else's works).

Obviously if you're burning DVD's and selling them you are a pirate.

If your watching DVD's and deleting them (or storing them for later use) you're not a pirate, you're an American.

You're one of the many who are fedup with the evil companies charging $1400 for Photoshop suites, $30 for a freaking BluRay Movie, and $60-80 for a video game. You're one of the many people smart enough to know better than forking over your hard earned money for all this crap.

RE: Fish
By cubby1223 on 11/24/2008 11:11:57 PM , Rating: 1
No, you are a pirate.

If you believe prices are too high, then you don't buy them, you don't download them . And if you still do, then accept the title of pirate and stop yer bitching.

RE: Fish
By Myg on 11/25/2008 6:57:03 AM , Rating: 2
He just feels hes entitled to it...

RE: Fish
By Alexstarfire on 11/26/2008 2:20:38 AM , Rating: 2
I really don't think that was his point. I think his point is to say that while many Americans do some casual pirating it's not them that's causing the "big problems." I do find it funny that they say games are a very small portion of the losses they calculated. That's not to say that they couldn't have just found the places where multimedia piracy is more common though.

Anyways, he was just trying to say that those that sell the pirated software by the thousands are the ones that cause all of the problems, ie China.

RE: Fish
By SavagePotato on 11/24/2008 3:27:51 PM , Rating: 3
That's the truth, one of the richest "online crooks" is Symantec.

Every day I curse Symantec as joe users call in in droves wondering why their computer is slow and their internet doesn't work after having just installed norton 360 or norton this or that.

I think they named it norton 360 because it F*#^'s you from 360 degrees at the same time.

By EricMartello on 11/25/2008 2:27:07 AM , Rating: 2
Sounds like Symantec is feeling the bite of this crap scare tactics to drum up demand for their software. Hey...whatever works, but don't think that this report is shedding light on anything that hasn't been know for years now. It's kinda like looking under your fridge and discovering how dirty it is under there, then getting all worked up about it...only to realize that it has been that dirty for the past 10 years.

RE: Advertorial?
By technohermit on 11/28/2008 1:26:18 PM , Rating: 2
Maybe, and they for got to mention all those hacked keylogged, malware-ridden, ghost boxes were all protected by Norton Internet Security. Symantec sucks! If you:
A) watch porn ("free" porn, anyway) and,
B) you do your banking on the same computer and,
C) you are using Norton to protect your vitals, then
D) you can probably buy your banking info on an IRC channel.

Symantec can tell you which channel they saw it on!

By StraightPipe on 11/24/2008 5:07:51 PM , Rating: 2
Norton GangBang Suite

"we've got your holes covered...all of them"

Anf they say it was chinesse
By nangryo on 11/24/2008 8:46:16 PM , Rating: 2
It appears that people within the U.S. are making most of the money off the sale of pirated software. Of the underground sales, 41 percent were uploaded by people within the U.S., with Romania a distant second with 13 percent. North America had by far the largest underground economy of servers.

So..., who's the biggest pirate now huh? (At least for international sales, not for domestic uses)

By highlandsun on 11/24/2008 9:12:11 PM , Rating: 2
what banks do the pirates use to keep their profits?

By SuinusLatinus on 11/25/2008 11:21:37 AM , Rating: 2
As history has shown us time and time again - these specific nations tend to honor agreements only when it is in their best interest (to varying degrees depending on the country of course).

Oh, like the US is always doing...

why not list the titles?
By HighWing on 11/25/2008 1:05:33 PM , Rating: 2
The most commonly pirated type of software was desktop games,

ok we are all thinking it.... "SPORE!!"
I'ld love to see if that game was at the top of the list

"And boy have we patented it!" -- Steve Jobs, Macworld 2007

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki