Underground Economy: Cybercrime on the Internet

by francine Hardaway on December 12, 2009

Over a fancy lunch today in a Scottsdale, AZ restaurant filled with other people’s office Christmas parties, I heard a hair-raising presentation about an Underground Economy of organized criminals and cybercrime on the internet.

The speaker, the owner of Packet Forensics, a company started in 2002 to provide dedicated equipment for cyber-surveillance to telecom companies, ISPs, governments, and law enforcement, is an expert in cybercrime who probably realized a market need after 9/11.

But the long and short of it is that cybercrime started long before that. In fact, it probably started with the law firm of Cantor and Siegel in Phoenix, which in the early days of the internet spammed usenet groups to encourage people to apply for green cards through its law firm. That was the beginning of spam.
By 1997, spammers were using Internet Relay Chat channels to trade software hacks. The hacks were often created by kids who were paid in bicycles, computers, and other small items for their work.

The turn of the new century saw the first use of bots and DDOS attacks on sites like Amazon and EBay around Christmas, and by 2002 spammers had discovered that hackers could sell them bots to automate their efforts.

Organized crime, in the form of the Russian mafia, entered the spamming world in 2003, and quickly organized cyber criminals in nations like Estonia, Georgia, and Kyrzgyzstan, where cyberattacks were part of a plan to force a political agenda

Although spam, organized crime’s first venture, doesn’t seem too harmful right now, by comparison, cyber crimes can melt down entire systems (power generators), and phishing scams steal $2.2 trillion annually according to Interpol.

The underground economy of organized crime on the internet mirrors how business is done in the “real world.” Underground, criminals sell both products and services: they sell lessons in hacking, knowledge and information, passwords, and credit card information. A single criminal stole $170 million in credit card records from TJ Maxx; twelve million account transactions were sniffed from Dave & Buster’s restaurant chain. [Update: the TJ Maxx thief was apprehended.]

Criminals also sell appliances, drugs, guns, and passports on web sites, IRC channels, IM and jabberLive sites.

The talk got worse when the speaker began to show us live sites and the activity occurring on them in real time. One site, Unknown.ws (do not click on this, because your visit will be logged forever more) hosts online forums that are like matchmaking services. Hackers advertise such products as credit card information in various formats. In one, a guy sells “dumps” — which are copies of all the information you have on your credit card. The price of the average credit card record has fallen in the forums to $10 a record ($40 for Amex cards), and they are sold in bulk. Sophisticated purveyors of information give free samples, and illustrations. They’re just the hackers, after all; they don’t use the cards to buy anything after they steal the information, so they face a very low level of risk. Today we also saw eBay and PayPal information going for $6.00 a record.

These sellers of this information can’t be tracked down in the event that identity theft occurs, because there are 35,000 users in this forum and you don’t know which one did it. The records are sold by a hacker for small amounts of money, but the Russian Mafia people who buy it make the big bucks.

Like most of the internet, the underground economy has a highly evolved reputation and trust network underground. There is, indeed, honor among thieves, as Packet Forensics has discovered by intercepting the private DMs and iMs of these people. They often use have their own payment system Webmoney , which is like a Paypal alternative.

The speaker showed us a brisk trade in malware and Trojans, most developed in Delphi or Visual Basic.The sellers have official return policies, just like any other sellers. Other products for sale include ATM skimmers (you put them on an ATM machine, they can’t be detected by users, and they collect the data from every card using the machine) that can upload information wirelessly, fake Amex and Citicard blanks that can be printed with your own embossing machine, and other hacker tools like “packers,” pieces of code that prevent anti-virus software from detecting malicious code.

What’s the effect of all this cybercrime: it’s simple.These criminals are wiping out major financial institutions one transaction at a time.

The most dangerous way they are doing it isn’t by selling your information. That affects mostly individuals. But to affect businesses, they use ACH fraud.

With this “little” technique, criminals compromise your business bank account and transfer your next payroll money out at 4:55PM when you’re not likely to notice it’s gone. They transfer the money to a phony company account at another bank. A clearing house, ACH, clears the transaction overnight, so it appears in the phony account at 9AM the next morning.

They then use this phony company to employ people to “work from home” accepting wire transfers and sending them to other fake companies by Western Union. Each “employee” only transfers a sum under $10,000 so it doesn’t get caught by the IRS or the banking rules.

By the time you find out the next morning that the money’s gone from your account, it has been cut into less-than-$10,000 pieces and transferred at least twice. That makes it almost impossible for your bank to retrieve.

This gambit started only about ten months ago, and many banks just self-insure eat the money when they find out it is gone, because you are a good customer and they don’t want to lose you. But then the fraudster does it again, small banks can’t afford to eat it. In Bullitt County, KY, the school district lost $415,000 in funds before the fraud was detected; it was perpetrated by criminals in the Ukraine . Read the link to Brian Krebs’ Washington Post story.

“the trouble began on June 22, when someone started making unauthorized wire transfers of $10,000 or less from the county’s payroll to accounts belonging to at least 25 individuals around the country (some individuals received multiple payments). On June 29, the county’s bank realized something was wrong, and began requesting that the banks receiving those transfers start reversing them, Sholar said.

‘Our bank told us they would know by Thursday how many of those transactions would be able to be reversed,” Sholar said. ‘They told us they thought we would get some of the money back, they just weren’t sure how much.'”

That’s because, although individuals have 30 days to question or dispute a bank transaction, businesses have only 24 hours.

Here’s your takeaway from all of this: 1)get a service like Lifelock . Although Lifelock doesn’t do anything fancy, it takes care of things most consumers don’t spend the time to do themselves. And tell your bank not to let any money be automatically wired out of your account unless the recipient is on a list you have provided the bank.

And show some respect for the Underground Economy. It’s better than the AboveGround Economy right now.

{ 3 trackbacks }

How To Make Money Online as a Freelancer: Earning Online as a … | eMoney Insights
December 13, 2009 at 8:03 am
Underground Economy: Cybercrime on the Internet | Cybernitions
December 14, 2009 at 11:59 am
Book | Xaggle's Blog
May 13, 2010 at 12:07 am

{ 12 comments… read them below or add one }

Mark Herpel December 12, 2009 at 2:56 pm

“These criminals are wiping out major financial institutions one transaction at a time.” in case you did not realize it, you just described Wall Street.

I'm not sure that you should phrase your wording like this statement, “They have their own payment system, Webmoney , which is like a Paypal alternative.” referring to the Russian Mafia or any criminal organization? That is NOT accurate and it is slanderous.

Shame on your for making such a statement and not phrasing your words more accurately. That sounds like a statement that would come from Hard Copy or TMZ.com

Last time I checked there were almost 10 million Webmoney accounts in use, the company is the largest player in the Russian e-money market, a member of the Electronic Money Association & additionally the company has been in business for 11 years with customers in over 8000 cities throughout 70 countries around the world.

Certainly the operator of Packet Forensics knows exactly what he is talking about when he discusses online criminal antics or the misuse of any online payment system by a few criminals, however, I think you have phrased your words incorrectly. You might want a disclaimer after that sentence.

You also failed to mention that the gov. has arrested the hackers responsible for that TJ Maxx theft[kudos to the gov] along with many others involved (recently extraditing them from overseas to the US for prosecution) or the fact that a good bit of their illegal proceeds was funneled through Western Union. Lately the gov has been nailing a lot of those carder scumbags!

As long as you are playing with words so fast and loose, I guess in your next article, perhaps you might refer to Western Union as the Mexican Mafia's own payment system?

Mark Herpel

hardaway December 12, 2009 at 4:38 pm

Thank you, Mark. I apologize for the reference to WebMoney, which I had
never seen before. I know only what the speaker told us, and what I saw when
he demonstrated those live sites: criminals were indeed asking for Webmoney
or Western Union transfers. I will change the body of the post to reflect
the fact that Webmoney is a legitimate Paypal alternative.

webmaven December 12, 2009 at 5:02 pm

Most of the 'cyber-security' consultants, services, and vendors (including most of those with the ear of the government) are selling nothing more than snake oil. Always take what they claim with a huge grain of salt, just as you would anyone advocating for tougher criminal penalties when they make money off the prison-industrial complex.

For some additional perspective, you might take a look at this article about how e-gold got shafted by the feds: http://www.wired.com/threatlevel/2009/06/e-gold/

Another good source is Bruce Schneier: http://schneier.com/blog/

His 'doghouse' posts are particularly relevant to this discussion: http://www.google.com/search?hq=inurl:www.schne

Eight Women Dream December 13, 2009 at 12:05 am

Wow. Can I say WOW again. Our website was hacked and I have been thinking about all of this since then. Luckily I didn't have anything that a thief could steal except for making a mess of two sites and the cost of time spent fixing it and plugging the hole.

This article is chilling. I am thinking maybe I should have studied Internet Security . . .


call center philippines April 28, 2010 at 8:52 pm

Spamming, phishing and illegal hacking are some examples of cybercrimes. Most of the people do this for money, including bank accounts, while some of them do cybercrimes just to be famous. Thanks for the information. I learned a lot on this post. Great blog.

philippine call center May 27, 2010 at 12:47 am

There are so many hackers today. For those who have online bank accounts it is important to be aware and to be careful. Clear the history of your browser and make sure you log out. Thanks for sharing this info.

Maverick Moneymakers Review June 11, 2010 at 3:57 am

hello, it is most popular site!

Maverick Moneymakers Review June 11, 2010 at 10:35 pm

i think there are more good link!

Maverick Moneymakers Review June 12, 2010 at 5:35 am

i think there are more good link!

hardaway June 12, 2010 at 4:29 am


Francine Hardaway, Ph D

hardaway June 12, 2010 at 11:29 am

DeletrnrnFrancine Hardaway, Ph DrnGV: 816.WRITTEN

Seema Saiyom July 21, 2011 at 9:47 am


i thinks this is the best blog for everyone who is interested ..



Leave a Comment

Previous post:

Next post: