The underground bazaars for stolen online identities, access to corporate email inboxes, and fake ID are booming, we're told.
Research by Dell SecureWorks says the market for underground hacking is increasing, particularly in Russia. Russian hackers are expanding their working hours and using guarantors to ensure customer happiness. There is an honor among thieves within online cybercrime souks, where reputation matters and repeat business is the aim.
Dell SecureWorks' report includes the latest price list for hacker goods and services:
- Banking credentials change hands for between 1 and 5 per cent of the account balances.
- American Express Cards fetch $30, towards the upper end of prices for plastic card credentials, which start at $7 and rise depending on the type of card and the amount of associated data offered for sale.
- DDoS (distributed denial of service) attacks can be contracted for as low as $5 an hour, the same price as remote-access trojans.
- Angler exploit kits – a common hacking tool that's used to sling malware from compromised or hacker-controlled websites – are licensed from $100.
- Crooks are also expanding their offerings with a greater range of products, including ATM skimming devices for $400 or less.
- Hacking a corporate email account costs $500 per mailbox, about four times the price of hacking into a Gmail or Hotmail account ($123).
- A physical counterfeit French driver's license for $238 or German, US, Israeli, UK and international driver's licenses for about $173.
- European passports are also on offer for $1,200 and upwards, far more than the $500 or less they cost in 2014.
The prices of identity documents have gone up while the cost of other items, particularly malware, has nose-dived.
Other items offered for sale include hacking tutorials, airline points and complete personal information dossiers (names, addresses, dates of birth, etc). These dossiers can be used for identity theft or other nefarious purposes.
"The underground marketplace is booming and only getting bigger, more sophisticated, and competitive," Dell SecureWorks concludes.
"Knowing what you and your organization are up against and where your information could potentially be going and what it's worth is a great way to help prioritize what you protect."
More details can be found in Dell SecureWorks' third annual report on Underground Hacker Markets here (registration required). ®