Open Access Publisher and Free Library
01-crime.jpg

CRIME

CRIME-VIOLENT & NON-VIOLENT-FINANCLIAL-CYBER

Examining the Structure, Organization, and Processes of the International Market for Stolen Data

By Thomas J. Holt and Olga Smirnova

As consumers and businesses have come to rely on computers and the Internet to buy and sell, manage finances, and retain customer information, opportunities for financial data theft and fraud have skyrocketed. Recent evidence suggests that cybercriminals often buy and sell stolen credit card, bank and online account data through online discussion forums.

A Michigan State University study examined how cybercriminals use international Web forums as advertising spaces for buying and trading stolen financial information, especially credit cards. Researchers analyzed almost 2,000 discussion threads from 13 easily accessible Web forums, 10 of which use Russian as their primary language and three of which use English. The study found that cybercriminals often group information from tens to hundreds of bank and credit card accounts into “dumps” that they then sell for an average of $100. Dumps were the most common product sold (44.7 percent), followed by CVV (card verification value code) data from credit cards (34.9 percent), and various forms of electronic data, such as eBay and PayPal account information (1.4 percent).

  • Most of the data came from continental European nations, but much also came from Canada, the United States and the United Kingdom. The more data available from a country, the lower the price. Bank account data from the European Union, for example, sold for about $4, whereas data from the U.S. sold for about $5.

    The forums are particularly collaborative and social in nature, unlike traditional crime networks, such as the Italian Mafia or Yakuza. Participation costs little, and cybercriminals of various skill levels can find the products and services they want through a range of sellers.

    The lack of hierarchy suggests that law enforcement attempts to target individuals would cause little disruption to the overall network. Instead, the study proposes that one of the most effective mechanisms to disrupt the sale of stolen data may be law enforcement investigation into the payment systems the criminals use, such as WebMoney and Liberty Reserve.Description text goes here

East Lansing, MI: Michigan State University, 2014. 156p.