/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsMichael Kahn
SAN FRANCISCO: Cyber criminals peddling illegal wares such as programs to hack into computers and stolen bank account numbers are moving to abandoned Web sites where their activities are harder to track, security experts say.
Dormant Web sites no longer monitored by administrators have in effect created hundreds of online bazaars for criminals, said Jim Melnick, director of threat intelligence for VeriSign Inc.'s security unit IDefense.
"I compare it to a low-income area where a landlord is not keeping up certain buildings, or the drug trade," he said. "If a person gets busted on one corner they will move to another."
Financial fraud cost consumers and businesses about nearly $15 billion in 2005 with some 10 million victims falling prey to identity theft, according to Avivah Litan of the market research firm Gartner. She said consumers recouped much of their losses, leaving businesses to pick up the tab.
Security experts say they fear cyber criminals in the market for stolen financial and personal information will soon shift their sights to the hard-to-track locations.
Making it more difficult for authorities, the advertisements for stolen software or personal information often appear on Web sites that typically raise little suspicion.
For example, the message board for Boston-based band Beatsoup included dozens of postings offering hacking programs, stolen software and in some cases advertisements for credit card numbers and online banking logins.
An active link for the Grand Rapids, Michigan-based Christian Rock group Sojourn contains postings encouraging users to download something called Paypal Database Hacker v1.5. Another reads: "USA Citibank, HSBC and Paypal account forsell!!!"
Administrators of the two Web sites and representatives of the bands could not be reached for comment.
IDefense's Melnick said he expected more underground users to flock to these forgotten sites after a government crackdown last year sent cyber criminals searching for other places on the Web to sell their goods.
Johannes Ullrich, chief research officer at the nonprofit Sans Institute research group, said criminals can take over an ignored or abandoned site and sit on it for months or even years before someone stumbles upon it.
Locating owners of abandoned sites to find who may have posted or to remove the logs from the site is also difficult, he said. And when authorities shut down a site, criminals simply set up shop someplace else.
"It is a big problem," Ullrich said. "There is not much you can do. It is like whack the mole."
Security experts attribute the appeal of abandoned or ignored sites to a U.S. government crackdown in October 2004 that shut down several criminal Web sites set up specifically to traffic in stolen financial information and documents.
That year-long undercover sting dubbed Operation Firewall was conducted by the U.S. Secret Service and other U.S. and European agencies and hit criminal sites based in the United states particularly hard.
This forced many organized criminal operations abroad and opened the door for a resurgence of illicit trade of financial information at abandoned Web sites, they say.
Larry Johnson, a special agent in charge at the U.S. Secret Service, estimated about four or five major Web sites run by criminals and consisting of more than 200 members remain in operation in the United States.
Many of the users operating on the fringes of the Internet are people who fail to gain access to criminal Web sites where administrators strictly control who gains entry to buy and sell stolen goods, he said.
"It is like the wild, wild West for those who want to go off on their own or could not establish themselves within a criminal organization," he said. "It is a pretty good philosophy."