The Underground Bits Economy
Thursday, April 10th, 2008 by Hal AbelsonOne sign of a maturing industry is the development of aftermarkets. First there were cars, then there were used car dealers. And first there were bits, and then there were … used bits dealers? Some used bits transactions are legit, if possibly annoying. You give Sam’s Health Foods your email address so Sam can confirm your order for organic bean sprouts, and the next thing you know, you are receiving emails from Mary’s Gardening Tools. Sam decided to share his email address files with Mary, and Mary thinks that bean-sprout-eaters are more likely than other people to be gardeners. Of course, this is the kind of “sharing” that puts a few bucks in Sam’s pocket.
Other used bits dealers are like the people who steal catalytic converters and fancy headlamps from late-model cars and then sell them on the black market. There is a robust underground economy in bank account numbers, credit card numbers, eBay accounts, and even full identities. According to Symantec Global Internet Security Threat Report (downloadable free here), the going rate for bank account numbers is $10-$1000, while credit card numbers are $0.40-$20.00 each (but are usually sold in bulk). Bank account numbers cost more, because getting money from a bank account is quicker and, if properly done, leaves fewer fingerprints than converting a credit card number to cash. Identities go for $1-$15, but EU identities cost more than US identities, perhaps because of rising demand.
It’s a fascinating report. Symantec is in the security business, but many of the trends and recommendations are of general interest, unrelated to Symantec’s products. For example, the robust market in bank account and credit card numbers has made services like Paypal increasingly popular. Such electronic payment systems are guaranteed against misuse and they do not require revealing any financial information to the online store.