The underground hacking economy seems to be alive and well, according to Dell SecureWorks. In July the FBI charged two Russian hackers for hacking into US financial institutions that resulted in the theft of millions of dollars from more than 800,000 victim bank accounts. One of these same hackers and several other hackers, were also charged with the stealing and selling of at least 160 million credit and debit card numbers, resulting in losses of hundreds of millions of dollars. According to the indictment, these losses “included $300 million in losses for just three of the corporate victims and immeasurable losses to the identity theft victims, due to the costs associated with stolen identities and fraudulent charges.”
Joe Stewart, Dell SecureWorks’ Director of Malware Research for the Counter Threat Unit (CTU) and independent researcher David Shear decided to investigate this marketplace to find out what is selling and for how much.
See more at: http://www.secureworks.com/
A service being sold on the hacker underground is where hackers will sell popular products, below the retail price. The hackers will obtain a specified product for a buyer either by using a stolen credit card or by working a scam, where they contact the retailer’s customer service representative and pretend to have purchased the item from the vendor, and it was damaged. The customer service representative is convinced that the complaint is legitimate, and they send out a replacement to the scammer, who in turn sells the product below the retail price.
Summary
For the most part, it does not appear that the types of hacker services and stolen data for sell on the hacker underground have changed dramatically in the past several years. The only noticeable difference is the drop in price for online bank account credentials and the drop in price for Fullz or Personal Credentials. In 2011, the CTU saw hackers selling US bank account credentials with balances of $7,000 for $300. Now, we see accounts with balances ranging from $70,000 to $150,000 go for $300 and less, depending on the banking institution where the account is located. In 2011, we also saw hackers selling Fullz for anywhere from $40 to $60, depending on the victim’s country of residence. Fullz are now selling between $25 and only go up to $40, depending on the victim’s location. Dell SecureWorks believes the drop in prices further substantiates that there is an abundance of stolen bank account credentials and personal identities for sale. There is also no shortage of hackers willing to do about anything, computer related, for money, and they are continually finding ways to monetize personal and business data.
The cost to hire a hacker to break into an organization’s website runs between $100 to $300. Generally the higher the fee, the more reputable the hacker. What Stewart and Shear did note when investigating these particular services is that the particular hackers they dealt with made it clear that they would not hack into a government or military website.
Visit: http://www.secureworks.com/
