Armor , a US based cloud security firm, has released a report detailing the Dark Web price setting practices. Armor researchers took a look at several Dark Web markets and lurked long enough to establish some decent data on prices. Their findings show that the Dark Web is growing, with prices increasing over similar studies conducted by Dell in 2013, 2014, and 2015.
Armor researchers say that a DDoS attack comes for relatively cheap money, at $10/hr. There are price breaks for longer attacks, with a 24-hour attack coming in at $200, and week-long attacks priced between $500 and $1200. Other types of attacks are available too, including Banking Botnet attacks at a modest $750 a month, WordPress exploits coming it at 100 bucks a shot, ATM skimmers for $1500, and more. The researchers even found fifty dollar hacking tuts!
While these services are all available, the real coup de gras of the Dark Web is credit card data. This is nothing new, researchers have seen credit card data take up most of the Dark Web market for a while. These datasets are organized and sold by the victim’s country of origin, and there are a few price tiers based on how the data was gathered, and how complete the data is. For instance, data obtained with POS malware is less expensive than Track 1 or Track 2 data, which is used to clone cards. The tiers become exponentially more expensive as data gets better.
If credit card data is not a cybercriminal’s cup of tea, they can go straight for access to compromised bank accounts. Clearly, this is the more liquid approach of defrauding people. The prices for this type of access is based on how much money is available in the target account. The accounts are accessed via trojans, and the backdoors created are then sold to clients on the Dark Web . Those people the initiate phony transactions, drain accounts, etc. Some crooks even buy items with money from these accounts and then resell the items to turn a profit and launder the funds.
Not all Dark Web items are about accessing funds though. Some are about good old fashion identity theft. Availability includes passports, forged ID cards, green cards, prescriptions, bills, and whatever else someone might need to prove that they are someone they certainly aren’t. Again, this is organized by country, and North American documents are the most costly.
Finally, in addition to paper documents for identity theft, there are electronic credentials for all manner of accounts. Clients can buy access to sites like Facebook, Twitter, Hulu, Amazon, Skype – even Netflix! (Just pony up the 8 bucks a month, man!). Cybercriminals are even offering access to travel points rewards accounts. To get into social media accounts, a measly $13 bucks is the going rate. For free airline points, a crook is looking at a paltry $98.88 for 50 thousand miles on Southwest. If someone wanted to fly on an EU airline, it would cost a bit more, and to round out a vacation, hackers offer hotel rewards points for as high as $140. At some point, just booking a hotel room would make more sense.
The Dark Web remains an interesting place, and clearly offers a lot of services for people dealing with illicit activities. The report from Armor details a number of other available services in some handy charts, for those who are wondering. As a non-criminal, it is interesting to see just how much our information is worth, or how little. Users should always remember to protect their accounts as thoroughly as possible because data is pretty cheap to the right buyers on the right market.