Booming black market for hacker goods

Booming black market for hacker goods

Personal data, credit card information or website attacks: there is almost nothing you are unable to purchase in a hacker forum or online market space. A new study gives interesting insights.

Dell SecureWorks security experts took a close look at the Russian hacker market for its newest Underground Hacker Report. Their conclusion is that the market for illegal digital goods and services is growing, the hackers are getting smarter, and the competition is getting harder. That’s why today’s hackers consider themselves as service providers. They offer a satisfaction guarantee and promote their 24/7 availability. They even stress their professionalism and fairness during the transaction process.

Hackers offer a wide variety of services to their customers. Starting with American credit card information (MasterCard or VISA) on sale for $7, credit cards including saved data for $15 to $30, or even a complete ID profile, including a scanned social security number and driver’s license, for $90. Even bank accounts are for sale. The price depends on the amount of money in the account. An American bank account with approximately $7000 in it for example, would cost around $300.

It is not only hacked account data that is available either. For about $129, attacks on accounts at major email providers such as Yahoo, Gmail or Hotmail and social media platforms, like Facebook, can also be purchased. Stealing data from a website would cost approximately $350. The price for shutting down a website with the help of DDoS (Distributed Denial of Service) depends on the workload, starting with $5 an hour and costing up to $600 for an entire week.

The huge commoditization of all these possibilities is beyond belief for many people. For victims of identity theft, it is a critical situation. Once stolen data is circulating on the web, it is almost impossible for the affected person to mitigate the potential levels of damage.

The broad availability of hacker goods is a major threat for businesses too. Stolen credit card information can be used to pay for goods online; stolen identities can be used to create fake accounts; and when fraudsters are in control over someone else’s email account, they can easily gain access to sensitive data and even to other user accounts. Account takeovers can cause great harm and it’s important to stop fraudulent activity from inside ‘normal’ accounts, while letting the good transactions through.