The company behind it, CloudeyeZ, is publishing the data it collects, called the “Underground Activity Index,” daily on its website, said founder Dan Clements. The company offers several services centered around finding stolen data and matching it with the organization that was breached.
The project, which is run by CloudeyeZ team member Nikolay Danev of Bulgaria, is a somewhat new approach. While major security vendors have periodically published information on how much stolen credit card data sells for, the data hasn’t been in real time.
“We never really thought we would kind of bring the intelligence out of the closet and put it up somewhere where you could watch it,” Clements said.
CloudeyeZ, based in California, is collecting the data using bots, or automated programs that can scrape and collate data from seven of the major English-speaking forums. There are many more such forums on the Internet. Clements said the sites chosen to collect the statistics are representative enough “where we might be able to see fluctuations in the supply and demand in the cards in the underground.”
The URLs of the sites are not included in the published data. The forums are typically password protected, with membership strictly limited to vetted participants, although law enforcement and security researchers have managed to infiltrate the forums.
Hackers specialize in collecting card data and then sell it in the forums to other fraudsters, who try to buy goods online or create fake cards in an attempt to cash out.