A new security project is monitoring in real time the price of stolen credit-card data sold in underground forums, which may eventually reveal emerging cybercrime trends.
The company behind it, CloudeyeZ, is publishing the data it collects, called the "Underground Activity Index," daily on its website, said founder Dan Clements. The company offers several services centered around finding stolen data and matching it with the organization that was breached.
The project, which is run by CloudeyeZ team member Nikolay Danev of Bulgaria, is a somewhat new approach. While major security vendors have periodically published information on how much stolen credit card data sells for, the data hasn't been in real time.
"We never really thought we would kind of bring the intelligence out of the closet and put it up somewhere where you could watch it," Clement said.
CloudeyeZ, based in California, is collecting the data using bots, or automated programs that can scrape and collate data from seven of the major English-speaking forums. There are many more such forums on the Internet. Clements said the sites chosen to collect the statistics are representative enough "where we might be able to see fluctuations in the supply and demand in the cards in the underground."
The URLs of the sites are not included in the published data. The forums are typically password protected, with membership strictly limited to vetted participants, although law enforcement and security researchers have managed to infiltrate the forums.
Hackers specialize in collecting card data and then sell it in the forums to other fraudsters, who try to buy goods online or create fake cards in an attempt to cash out.
CloudeyeZ is monitoring more than 300,000 sets of card details, which mostly are U.S. cards including Visa, MasterCard, Discovery and American Express. Visa cards appear to be the most popular, which CloudeyeZ attributes to the large number of cards in circulation, which has also made those the cheapest cards at around $2 each.
The project has only been running for about three weeks, so it is too early to spot trends. But CloudeyeZ hopes the monitoring will reveal factors that influence prices, such as law enforcement actions, Clements said.
Sign up for CIO Asia eNewsletters.