Symantec on Monday released its Report on the Underground Economy. The overarching takeaway is that the online underground economy has matured into an efficient, global marketplace in which stolen goods and fraud-related services are regularly bought and sold. It estimated the value of goods offered by individual traders in the millions of dollars.

"As evidenced by the Report on the Underground Economy, today's cybercriminals are thriving off of information they are gathering without permission from consumers and businesses," said Stephen Trilling, vice president, Symantec Security Technology and Response. "As these individuals and groups continue to devise new tools and techniques to defraud legitimate users around the globe, protection and mitigation against such attacks must become an international priority."

Millions At Risk

Symantec observed trading in advertised goods with a potential value of more than $276 million in a yearlong period from July 1, 2007, to June 30, 2008. Symantec determined the value by the advertised prices of the goods and services and measured how much the advertisers would make if they liquidated their inventory.

Credit-card information is the most advertised category of goods and services in the underground economy, accounting for 31 percent of the total. The potential worth of all credit cards advertised during the reporting period was $5.3 billion, according to Symantec. The security firm suggested that credit cards are the most popular because they are regularly used for online shopping and it's difficult for merchants to identify and address fraudulent transactions before goods are delivered.

At 20 percent of the total, the second most common category of goods and services advertised was financial accounts. While stolen bank account information sells for between $10 and $1,000, the average advertised stolen bank account balance is nearly $40,000, according to Symantec, and the worth of the bank accounts advertised during this reporting period was $1.7 billion. The potential for high payouts and the speed at which payouts can be made contribute to the popularity of this category.

A Criminal Business Model

During the reporting period, Symantec observed 69,130 distinct active advertisers and 44,321,095 total messages posted to underground forums. The potential value of the advertised goods for the top 10 most active advertisers was $16.3 million for credit cards and $2 million for bank accounts. What's more, the potential worth of the goods advertised by the single most active advertiser identified by Symantec during the study period was $6.4 million.

When you look at financial fraud, you have to look at it from a business model, according to Ken Dunham, director of global response for iSight Partners. That, he said, is because it is a business.

"This is not just a bunch of loosely affiliated hackers. In some cases they have very well organized and sophisticated criminal groups," Dunham said. "In other cases we have people who specialize in their services, and it's not just little one-offs by kids like we used to see. we are talking about millions and billions of dollars of fraud by highly organized groups. These people know how to work the streets of the Internet."