Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/15/2014
03:35 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Price Tag Rises For Stolen Identities Sold In The Underground

What cybercriminals now charge for stolen identities, counterfeit identities, hacking tutorials, DDoS, and other services.

One year after the cybercrime underground slashed the price of a stolen identity by as much as 37% due to a glut in the black market, the price tag for a pilfered ID has inched upward again.

Researchers at Dell SecureWorks published their latest report on the underground hacker market today. Counterfeit identities are the new hot product to support fraud -- new fake identity kits, passports, Social Security numbers, utility bills, and driver's licenses. A new identity, including a working SSN, name, and address, goes for $250, and for an additional $100, you can get a utility bill for ID verification purposes when perpetrating fraud, the researchers found.

Stolen IDs are cheaper than phony ones, but a bit pricier than last year. A "fullz" -- as a stolen personal identity is known in the underground -- now goes for $30 in the US, up from $25 last year. A fullz in the UK, Australia, Canada, Asia, and the European Union is priced from $35 to $45, up from $30-$40 in 2013.

Meanwhile, the massive volume of stolen payment cards up for sale in the wake of an epic year in retailer data breaches has led to more nefarious vendors of stolen and counterfeit identity information trying to make a buck than ever, according to Dell SecureWorks. As a result, more of these vendors emphasizing customer service, with 100% guarantees on stolen information they're selling, for example. One seller promises to replace all "dead" stolen credit cards.

"The market almost mimics a real [and legitimate] one," says David Shear, network security analyst with Dell SecureWorks. "When you buy, they guarantee it will work up to a certain amount, [for example]. They are going out of their way" to differentiate based on customer service. Among some of their offerings are frequent buyer discounts and a more professional-looking presence.

The bad guys also are offering more services to their customers, such as tutorial services on how to hack and commit fraud. Among the services: basic carding, cashing out fullz, ATM hacking, and successful online banking fraud. The tutorial manuals are priced anywhere from $1 to $30.

Premium credit cards -- platinum and gold cards, for example -- can be purchased in bulk. One vendor offers a package of 10 cards at $13 apiece and up to 2,000 cards at $9 apiece. A single premium payment card can go for as much as $35. That same site says it has 14 million US credit cards for sale, plus hundreds of thousands more from other countries.

"I was surprised they said that. Most don't tell you how many cards they have," Shear says.

The price of a remote access Trojan (RAT) has dropped dramatically this year, from $50-$250 in 2013 to $20-$50 this year -- mostly Darkcomet, Blackshades, Cybergate, Predator Pain, and Dark DDoSer. Why the major price cut? The researchers believe it's due to the number of free RATs available in the wake of RAT source code leaks, which has driven the price point down.

[New report unearths what cybercriminals are charging for stolen identities and hacking services, such as DDoS and doxing. Read Glut In Stolen Identities Forces Price Cut In Cyberunderground.]

Bad guys buying bots can purchase a package of 5,000 compromised machines in the US for between $600 and $1,000. That's pricier than a UK bot package, which goes for $400-$500; the difference is likely due to the higher volume of financial site access of US machines.

The credentials to a "high-value" bank account with a balance of $70,000 to $150,000 can be purchased for about 6% of the balance amount in the underground. So that's $4,200 for access to a $70,000 bank account, the researchers found.

Interestingly, the report says there weren't many doxing services this year like there were last year. The ones that were offering services do so for $25-$100.

Here is a look at the underground pricing SecureWorks found:

Source: Dell SecureWorks
Source: Dell SecureWorks

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
12/17/2014 | 8:17:23 AM
Re: Hacking: Supply Exceeds Demand ?
@Technorati, I am with you on how fascinating it is to see the pricing structure. It really does illustrate just how bad things are and how cyber crime is now a business sector of its own.
aws0513
50%
50%
aws0513,
User Rank: Ninja
12/16/2014 | 3:11:54 PM
Re: Regional pricing
My guess on Asia system prices would be the reliability and/or value of the identity.

Much of Asia still has very limited (slower) connectivity.  Another factor is lack of reliable power in many large portions of the region.
Apply the factor that many Asian system owners still run older system platforms that are prone to failures or simply way too slow to be useful and you have a situation where running any cyber-ops can be too frustrating to pay for.  Don't get me wrong, there are still powerful systems in that region, but not the numbers that western regions may have.
A key indicator  in that region would be that there is no mention of a 10,000 system package in Asia.  It may be too much to even ask to try to get that there.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
12/16/2014 | 10:06:36 AM
Regional pricing
Considering the pricing chart showing such cheaper infections for systems in Asia, I wonder if a focus on improving security over there would have a knock on with the rest of the world? Clearly it's the lowest common denominator when it comes to secure systems. 
Technocrati
50%
50%
Technocrati,
User Rank: Ninja
12/15/2014 | 6:41:44 PM
Hacking: Supply Exceeds Demand ?

The price chart of Hacking Cost is really fascinating.   I have never seen it itemized like this.  And I must say I thought the prices would be higher, but I guess there is a glut in the market now.

Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Major Brazilian Bank Tests Homomorphic Encryption on Financial Data
Kelly Sheridan, Staff Editor, Dark Reading,  1/10/2020
Will This Be the Year of the Branded Cybercriminal?
Raveed Laeb, Product Manager at KELA,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3683
PUBLISHED: 2020-01-17
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and...
CVE-2019-3682
PUBLISHED: 2020-01-17
The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.
CVE-2019-17361
PUBLISHED: 2020-01-17
In SaltStack Salt through 2019.2.0, the salt-api NEST API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
CVE-2019-19142
PUBLISHED: 2020-01-17
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.
CVE-2019-19801
PUBLISHED: 2020-01-17
In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases.