Online hacking continued its two-year trend toward criminalization in the last half of 2006, with data theft fueling a thriving underground economy, according to an Internet security report released on Monday.
The semi-annual report by computer security services firm Symantec found that people could pay for as little as 14 U.S. dollars online to buy a new identity, and complete with working U. S. bank account, credit card with security code, date of birth and government-issued social security number.
While the industry has shown increasing concern about the professionalization of online crime for more than a year, the new foundings describe a massive, sophisticated shadow information economy in the Internet world.
The Symantec Internet Security Threat Report tracked online threats, such as viruses and e-mail scams, from July through December of last year, on the tens of millions of computer systems used by the Silicon Valley company and its customers across the world.
The number of Symantec-tracked computers controlled by networks of bots, or software robots, increased by 29 percent from early 2006 to just more than 6 million, yet the number of command-and- control systems running the bot networks dropped by 25 percent, probably because of the consolidating of the networks.
The United States had the highest number of command and control computers driving these bot networks, with 40 percent late last year, while China had 26 percent of the world's bot-infected computers, more than any country, a statistic mostly explained by the rapid growth of the Chinese technology industry, according to the report.
In addition to hosting 40 percent of command and control servers, the United States also had 51 percent of the known underground economy servers in late 2006, Symantec reported.
These servers offered U.S. credit cards with verification numbers at prices ranging from 1 to 6 dollars each, and personal identity information was being sold in the same price range.
There are no figures on the size of the underground economy trading in stolen identities, but authors of the Symantec report guessed that the figure would be in the hundreds of millions of dollars, if not billions.
Symantec also said that software applications have become an increasing target, in spite of software giant Microsoft's efforts to tighten up security on its operating systems, including the just-launched Windows Vista.