Monday, October 8, 2007

The price of your b@nk account: Just $440

07 Oct 2007, ST

Personal information pilfered by hackers can be sold and used for crimes like fraud and identity theft

By Loh Wei Loong

YOUR bank account might contain thousands of dollars, but in the black market, information on hacking into it is worth only about US$300 (S$440).

Credit card data goes for even less: Cyber thieves sell such details for just US$1 to US$6.

And information about your life, from birth date to credit card and identification numbers, sell for only up to US$18.

Welcome to the world of organised online crime and the underworld economy, in which details stolen by hackers are traded for a mere fraction of their worth.

Symantec and McAfee, two major security companies which distribute computer software that prevents hackers from accessing your computer, have been studying cyber crime trends, including identity theft, phishing and e-mail fraud.

Personal information can be obtained online by hackers in various ways - by installing key loggers onto your computer that track keyboard button movements to uncover passwords; or by using bots or programs installed in a computer to give control of it to an unauthorised user remotely.

A large number of these computers can then be used to launch cyber attacks onto others, or to harvest confidential information stored within.

Symantec tracked how information stolen is being traded, and details of the study show the blatant disregard hackers have for sensitive data.

Details of an online banking account with at least US$9,900 in it is worth only US$300 on the black market.

A list of 29,000 e-mail addresses costs just US$5, while a verified PayPal account fetches between US$5 and $500, depending on the balance in the account.

And for all those World Of Warcraft players out there, details of an active gaming account nets a hacker US$10.

When one considers that black markets normally trade such information in bulk, it means that hackers are constantly on the prowl for more ways to get more data to sell.

Although illegal, it is a lucrative business.

Just look at New Yorker Shiva Brent Sharma, who at the age of 20, amassed a cyber loot of US$150,000 before he was nabbed in 2005 for identity theft.

He bought stolen credit card accounts online and managed to transfer large amounts of money to himself. He once stole US$20,000 in less than 36 hours.

And while such crimes have generally been assumed to be concentrated in Western countries, there is evidence to show that Asia is fast becoming an attractive target.

'Online users in Asia assume they are not being targeted, but hackers don't care which country you live in. Everyone is a target,' warns McAfee's marketing director for Asia-Pacific, Mr Allan Bell.

A Symantec study found that an average of 15,447 active bot-infected computers per day are in the Asia-Pacific region, which makes up 29 per cent of the worldwide daily average of 52,771.

According to Symantec's consumer product marketing manager for Asia-Pacific, Mr Phil Hickey, 95 per cent of all online attacks are targeted at 'unsuspecting home users'.

He said: 'It goes without saying that criminals can buy all kinds of goods and subscribe to all kinds of services at your expense.

'But it's even more worrying to think that your identity can also be used in fraudulent activities, to provide a 'cover' for criminals.'

Protect yourself

DESPITE the ever changing methods hackers use to get information, the ways to protect your computer have not changed much.

Never download anything from an unverified source, never share sensitive information via instant messaging systems, and avoid storing such data on a laptop, which is easier to lose.

And while it might be attractive to download free anti-virus software, there is an advantage in using all-in-one security programs, including those provided by Symantec or McAfee, which include anti-virus, anti-phishing, anti-spyware and other useful tools in one handy package.

Symantec's new Norton 360, for instance, prevents phishing by actively verifying the origins of a website to ensure that the sites visited are not fraudulent ones created to obtain private information.

Another security tip is to always remember to update software definitions to ensure your computer is protected against the newest hacker programs.

Beware, too, of lulling yourself into a false sense of security.

A study by McAfee and the United States National Cyber Security Alliance discovered that while users felt keeping their computers safe was important and had taken steps to do so, the facts proved otherwise.

A large percentage of those surveyed owned expired anti-virus software, disabled firewalls and less than half of them had anti-spyware software. And for those who did, less than half actually installed it.

So which half are you? The half that has thousands in the bank, or the other half who stands to lose everything while a hacker makes US$300?


How much on the black market?

# Details of an online banking account with at least US$9,900 (S$14,600): US$300

# Information about a person's life, including birth dates, credit card and identification numbers: Up to US$18

# Credit card information: US$1 to US$6

# A list of 29,000 e-mail addresses: US$5

No comments: