The cyberunderground thrives because of anonymity: Hackers can devise any persona to conduct business and use a variety of technical tricks to hide their tracks. Their stories were verified to the extent possible by security experts who have watched the careers and methods of specific hackers for years.

As recently as 2008, the fight between those who protect computer networks and those who attack them was about evenly matched. That's no longer the case, according to the cybercops. The defenders are losing the battle because of a combination of their opponents' technical achievements and rapid advances in a global supply chain of theft.

In 2009, Symantec cataloged 2.8 million new viruses infecting computers. A year later, that number had jumped to 286 million. One reason for the hundredfold growth is that sophisticated viruses now change their digital signatures as they infect new machines. Because anti-virus software uses a catalog of known signatures to stop infections, the dominant cybersecurity technology in many cases is useless as a result.

Cheap Malware

Some of the market's most advanced malware -- stealth software that steals data or lets hackers take remote command of a computer -- can be bought for a few thousand dollars. Sophisticated spam operations implant the malware in computers for pennies per victim.

Black-market vendors test malware against the latest anti-virus programs; provide hosting for command-and-control servers in countries that can't be touched by U.S. law enforcement; or start a directed denial-of-service attack on a commercial or other website priced by the number of hours the site is down.

One enterprise, advertised recently on the Israeli forum SecondZion, has created a language-aid call center for hackers who need to pose as U.S. bank customers or communicate with a German-speaking money mule, as currency transporters are called. The hackers provide a script; operators do the rest. "Good afternoon, ladies and gentleman crooks," the site says, noting that its translators are "all operators with extensive experience." Two users followed up with comments praising the service as excellent.

Illicit Chat Rooms

Distribution of goods and services is organized through thousands of illicit chat rooms and invitation-only forums. Some are publicly accessible: Any beginner looking to learn the basics of a so-called SQL injection hack -- a basic attack on the security of a website -- can join a forum like OpenSC and ask for tips. Others are private and access is strictly protected.

The most serious criminals congregate on forums such as Maza. Membership to the forum is granted only by a vote of all of its senior members and only after an eight-day waiting period, according to researchers who have tried to infiltrate it. Most deals done on the forum are large, so members use an escrow system. Cash or goods are held either by a trusted senior hacker or one who has retired from the business. In a criminal world in which conspirators almost never meet and trust is in short supply, the escrow system has evolved as a way for elite hackers to do big business.

'Five Figures'

"Most of the transactions in those forums will be in the five figures," said a security investigator who has infiltrated several such forums. "The escrow system is the only way to make those transactions viable."

Public hacker sites, including CrackHackForum and HackForums, usually have rules against selling stolen data. Enforcement of sales postings is often weak and varies widely.
