U.S. is No. 1 source of hacking, firm says
The United States generates more malicious computer activity than any other country, and sophisticated hackers worldwide are banding together in highly efficient crime rings, according to a new report.
Researchers at Cupertino, Calif.-based Symantec Corp. also found that fierce competition in the criminal underworld was driving down prices for stolen financial information.
Criminals can buy verified credit card numbers for as little as $1, and they can buy a complete identity -- a date of birth and U.S. bank account, credit card and government-issued identification numbers -- for $14, according to Symantec’s twice-yearly Internet Security Threat Report, to be released today.
Researchers at the security software company found that about a third of all computer attacks worldwide in the second half of 2006 originated from machines in the U.S.
As a breeding ground for threats such as spam and malicious code, the U.S. easily surpasses runners-up China, which generates 10% of attacks, and Germany, which generates 7%.
The U.S. also leads in “bot network activity.” Bots are compromised computers controlled remotely and operating in concert to pump out spam or perform other nefarious acts.
The legitimate owner of the computer typically doesn’t know the machine has been taken over. The phenomenon is largely responsible for the increase in junk e-mail in the last six months.
Spam made up 59% of all e-mail traffic Symantec monitored. That’s up 5 percentage points from the previous period. Much of the spam was related to stock picks and other financial scams.
The U.S. is also home to more than half of the world’s “underground-economy servers” -- typically corporate computers that have been commandeered to facilitate clandestine transactions involving stolen data and may be compromised for as little as two hours or as long as two weeks, according to the report.
The study marks the first time Symantec researchers have studied the national origins of computer attacks. The report focused on attacks during the last half of 2006 on more than 120 million computers running Symantec antivirus software. The company operates more than 2 million decoy e-mail accounts designed to attract messages from around the world to identify spam and phishing activity.
