Cybercrime as a business: The digital underground economy

The Hague, the Netherlands
6 January 2011

The personal data of EU citizens is a valuable illicit commodity that is being traded in a criminal digital underground economy and turned into cash, reveals Europol’s new iOCTA* report. And, whilst the value of the cybercriminal economy as a whole is not yet known, one recent estimate of global corporate losses stands at around €750 billion per year (source: McAfee).

Stolen personal and financial information which is used, for example, to fraudulently gain access to bank accounts and credit cards, or to establish new lines of credit, has a monetary value. Criminals are trading credit card data for up to $30 per card, bank account information for between $10 – $125 and even your email account data is worth up to $12 in this sophisticated and self-sufficient economy. Criminals are not only interested in details of credit cards and compromised bank accounts, but also our addresses, phone numbers, social security numbers, full names and dates of birth.

All of this stolen data is retailed in the criminal underworld, which is driving a range of new illegal activities, including crimeware distribution and the hacking of corporate databases. This is backed up by a fully-fledged infrastructure of malicious code writers and hackers, specialist web hosts and leased networks of thousands of compromised computers which carry out automated attacks online, to access and steal personal data. As this underground economy has grown in sophistication, ‘service providers’ have also emerged who offer payment card verification number generators.

Organised crime groups benefit from globalisation, moving to different countries and even different continents to withdraw cash using counterfeit (skimmed) cards. They also use these counterfeit cards to make purchases online, such as transport and accommodation. ‘Mules’ are recruited via employment search websites and social networking sites to help ‘cash in’ stolen personal and financial information. As the individuals tasked with turning data into hard cash, mules are the visible face of cybercrime.

Cybercriminal groups often have no obvious leadership but divide labour according to technical abilities, with most members only knowing each other online. Therefore, online forums are essential tools for the digital underground economy to recruit and make introductions, enabling criminals to swarm together to work on specific projects. These forums are also where crimeware components are advertised and budding cybercriminals learn their trade through tutorials. The high-tech skills required mean that those involved in cybercrime rarely fit the traditional profile of transnational organised crime groups. These cybercriminals are usually young, highly-skilled individuals, under the age of 25, and often recruited from universities.

Europol’s iOCTA: Selected findings and recommended actions

  • EU Member States already rank amongst the most highly infected countries in the world when it comes to computer viruses and malware. As internet connectivity continues to spread, EU citizens and organisations will be subjected to more cyber attacks, and to attacks from previously underconnected areas of the world. Combating cybercrime will therefore require new international strategic and operational partnerships.
  • Active partnership with the private sector is essential, not only to share intelligence and evidence, but also in the development of technical tools and measures for law enforcement to prevent online criminality. The academic community also has an important part to play in the research and development of such measures.
  • Because of the global reach and scale of internet facilitated organised crime, its disparate nature, and the unprecedented volumes of data involved, centralised coordination of intelligence gathering, analysis, training, and partnership management is required at an EU level, to ensure that Member States and EU agencies make the most effective use of resources. The establishment of a European Cybercrime Centre, as outlined in the recent Council conclusions on cybercrime and in the EU’s Internal Security Strategy, will be an important and timely step forward.
  • Awareness raising on individual and corporate user responsibility is key to combating cybercrime. EU-wide awareness raising and points of contact are required for a range of issues, including illegal downloading, social engineering, payment card security, securing wireless internet connections, and the risks to children. The use of crowdsourcing to gather intelligence on cybercrime from internet users should also be considered.

Europol’s role in the fight against cybercrime

  • Europol is the European Union law enforcement agency. It plays a key role in the European Cybercrime Task Force – an expert group made up of representatives from Europol, Eurojust and the European Commission, working together with the Heads of EU Cybercrime Units to facilitate the crossborder fight against cybercrime.
  • By means of its cybercrime database, Europol provides EU Member States with investigative and analytical support on cybercrime, and facilitates crossborder cooperation and information exchange.
  • Strategic analysis of Internet Facilitated Organised Crime (iOCTA) assesses current and future trends in cybercrime, and informs both operational activity and EU policy.
  • The Internet Crime Reporting Online System (ICROS) and Internet & Forensic Expert Forum (IFOREX) are currently in development. These will provide centralised coordination of reports of cybercrime from EU Member State authorities, and host technical data and training for law enforcement.

*The full iOCTA will be made available on Friday, 7 January 2011 via Europol’s website.