(Bloomberg News) In mid-September, a European hacker nicknamed Poxxie broke into the computer network of a U.S. company and, he said, grabbed 1,400 credit-card numbers, the account holders' names and addresses, and the security code that comes with each card.
With little trouble, he sold the numbers for $3.50 each on his own seller's site, called CVV2s.in, to underworld buyers who have come to trust the quality of his goods, he said.
"The main thing in any business is honesty," Poxxie said, without any trace of irony.
The Traverse City, Michigan-based Ponemon Institute, which researches data security, estimates that thieves annually steal 8.4 million credit-card numbers in the U.S. alone. How do cyberbandits, who have turned hacking into a volume business, unload all those numbers? A lot like Amazon.com, it turns out.
Customers on CVV2s can search for card numbers by bank, card type, credit limit and zip code, loading them into a virtual shopping basket as they go. The site offers the ability to search by bank identification number. That means customers can choose cards by institutions known to have weak security, Poxxie said. CVV2s even has an automated feature that lets clients validate the numbers in real time, to make sure the bank hasn't canceled the card.
Sites like Poxxie's make up the cyberunderworld's version of a pirate's cove, offering their online booty at cut-rate prices. Hundreds of millions of dollars in stolen data are bought and sold in underground's chat rooms and forums every year, a fencing operation that becomes more robust annually, according to RSA, the security division of EMC Corp. CrackHackForum.com, one of the sites, even mimics EBay Inc., rating buyers and sellers with starred reviews.
$114 Billion A Year
Symantec Corp., the cybersecurity firm, estimates that cyberthieves steal data worth $114 billion a year. By comparison, the Federal Bureau of Investigation said the take from all bank robberies in the U.S. in 2010 was just $43 million. The global market in cocaine is an estimated $85 billion, according to the United Nations.
"The problem is getting worse faster than we're getting better," said Tony Sager, chief operating officer of the Information Assurance Directorate at the National Security Agency, which includes some of the U.S. government's best cyberexperts. "We're not keeping pace."
To look inside the cyberbazaar, to find details on prices and goods for sale, Bloomberg News gathered information through publicly available websites and in restricted forums, aided in this search by cybersecurity experts. Some of the information was provided through online interviews with participants, who protected their real identities as they discussed details on their lives and criminal operations.
How To Verify