Dell
SecureWorks recently published a report on the underground hacker market and
you’d be surprised how the process mimics the traditional retail world. A high
percentage of the stolen data is sold on the open market on the DarkNet 1. These guys actually run sales and sometimes
even offer guarantees on the information sold.
Competition in this market has some of these vendors emphasizing customer service, with some offering 100% guarantees on the stolen information they're selling. One seller even promises to replace all "dead" stolen credit cards. He can afford to do this because there is such a huge glut of stolen credit card info out there.
Competition in this market has some of these vendors emphasizing customer service, with some offering 100% guarantees on the stolen information they're selling. One seller even promises to replace all "dead" stolen credit cards. He can afford to do this because there is such a huge glut of stolen credit card info out there.
Premium
credit cards -- platinum and gold cards, for example -- can be purchased in
bulk. One vendor offers a package of 10 cards at $13 apiece and up to 2,000
cards at $9 apiece. A single premium payment card can go for as much as $35. A standard VISA or Mastercard can sell for as
little as $4. Doesn’t sound like a very
high price for your credit card, does it?
Consider this. That same site
says it has 14 million US credit cards for sale, plus hundreds of thousands
more from other countries. It’s all
about volume!
Counterfeit
identities are the new hot product to support fraud -- new fake identity kits,
passports, Social Security numbers, utility bills, and driver's licenses. A complete new identity, including a working
SSN, name, and address, goes for about $250, and for an extra $100, they’ll
even throw in a utility bill for ID verification purposes.
Some bad
guys also are offering new services to their customers, such as tutorials on
how to hack and commit fraud. Among these services are basic “carding”, cashing
out fullz 2, ATM hacking, and successful online banking fraud. Tutorial manuals can cost anywhere from $1 to
$30.
Ever
thought about taking up a life of crime?
The price of a remote access Trojan (RAT) has dropped dramatically this
year, from $50-$250 in 2013 to only $20-$50 this year. Why the major price drop? Researchers believe it's due to the number of
free RATs available in the wake of RAT source code leaks, which has driven prices
down.
To start a
business providing Distributed Denial Of Server attacks (DDOS), bad guys can buy
bots with a package of 5,000 compromised machines in the US for between $600
and $1,000.
The
credentials for a "high-value" bank account with a balance of $70,000
to $150,000 can be purchased for about 6% of the balance amount. So for $4,200 they can have access to a
$70,000 bank account.
It was recently
reported that organized crime based in Russia and Ukraine raked in about $2
Billion last year so we’re not talking chump change here. Cyber-criminals are in this for the long haul
so don’t expect the threat to do anything but get bigger and more
aggressive. Just like them, you’ve got
to improve every aspect of your defenses from firewalls, servers, computers and
especially your portable devices like tablets and smartphones. Remember, hacking is BIG business! It’s not a matter of IF you’ll be breached,
it’s only a matter of when and how well and how fast you react.
1 - A darknet is a
private network where connections are made only between trusted peers —
sometimes called "friends" using non-standard protocols and ports. Hackers, among others, use this technique to
privatize their own little corner of the Internet.
2 - “Fullz” is a slang term used by
hackers meaning full packages of individuals' identifying information.
"Fullz" usually contain an individuals name, Social Security number,
birth date, account numbers and other data. Fullz are sold to identity thieves,
who use them in credit fraud schemes.
Jeff Hoffman is a network security and information protection
consultant with ACT Network Solutions.
He can be reached at jhoffman@act4networks.com
No comments:
Post a Comment