Cyber-underworld price list revealed: $500 for company email inbox, $1,200 passports, etc

$5/hr DDoS floods, $123 Gmail accounts, and so on


The underground bazaars for stolen online identities, access to corporate email inboxes, and fake ID are booming, we're told.

Research by Dell SecureWorks says the market for underground hacking is increasing, particularly in Russia. Russian hackers are expanding their working hours and using guarantors to ensure customer happiness. There is an honor among thieves within online cybercrime souks, where reputation matters and repeat business is the aim.

Dell SecureWorks' report includes the latest price list for hacker goods and services:

  • Banking credentials change hands for between 1 and 5 per cent of the account balances.
  • American Express Cards fetch $30, towards the upper end of prices for plastic card credentials, which start at $7 and rise depending on the type of card and the amount of associated data offered for sale.
  • DDoS (distributed denial of service) attacks can be contracted for as low as $5 an hour, the same price as remote-access trojans.
  • Angler exploit kits – a common hacking tool that's used to sling malware from compromised or hacker-controlled websites – are licensed from $100.
  • Crooks are also expanding their offerings with a greater range of products, including ATM skimming devices for $400 or less.
  • Hacking a corporate email account costs $500 per mailbox, about four times the price of hacking into a Gmail or Hotmail account ($123).
  • A physical counterfeit French driver's license for $238 or German, US, Israeli, UK and international driver's licenses for about $173.
  • European passports are also on offer for $1,200 and upwards, far more than the $500 or less they cost in 2014.

The prices of identity documents have gone up while the cost of other items, particularly malware, has nose-dived.

Other items offered for sale include hacking tutorials, airline points and complete personal information dossiers (names, addresses, dates of birth, etc). These dossiers can be used for identity theft or other nefarious purposes.

"The underground marketplace is booming and only getting bigger, more sophisticated, and competitive," Dell SecureWorks concludes.

"Knowing what you and your organization are up against and where your information could potentially be going and what it's worth is a great way to help prioritize what you protect."

More details can be found in Dell SecureWorks' third annual report on Underground Hacker Markets here (registration required). ®

Similar topics

Broader topics

Narrower topics


Other stories you might like

  • Interpol anti-fraud operation busts call centers behind business email scams
    1,770 premises raided, 2,000 arrested, $50m seized

    Law enforcement agencies around the world have arrested about 2,000 people and seized $50 million in a sweeping operation crackdown of social engineering and other scam operations around the globe.

    In the latest action in the ongoing "First Light", an operation Interpol has coordinated annually since 2014, law enforcement officials from 76 countries raided 1,770 call centers suspected of running fraudulent operations such as telephone and romance scams, email deception scams, and financial crimes.

    Among the 2,000 people arrested in Operation First Light 2022 were call center operators and fraudsters, and money launderers. Interpol stated that the operation also saw 4,000 bank accounts frozen and 3,000 suspects identified.

    Continue reading
  • Cloud services proving handy for cybercriminals, SANS Institute warns
    Flying horses, gonna pwn me away...

    RSA Conference Living off the land is so 2021. These days, cybercriminals are living off the cloud, according to Katie Nickels, director of intelligence for Red Canary and a SANS Certified Instructor.

    "It's not enough to pay attention to the operating systems, the endpoints, said Nickels, speaking on a SANS Institute panel about the most dangerous new attack techniques at RSA Conference. "Adversaries, a lot of their intrusions, are using cloud services of different types."  

    And yes, living off the land (or the cloud), in which intruders use legitimate software and cloud services to deploy malware or spy on corporations and other nefarious activities, isn't a new type of attack, Nickels admitted. "But what's new here is the levels to which using cloud services [for cyberattacks] has risen." 

    Continue reading
  • Microsoft seizes 41 domains tied to 'Iranian phishing ring'
    Windows giant gets court order to take over dot-coms and more

    Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India. 

    The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs.

    "Bohrium actors create fake social media profiles, often posing as recruiters," said Amy Hogan-Burney, GM of Microsoft's Digital Crimes Unit. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware."

    Continue reading

Biting the hand that feeds IT © 1998–2022