How much is the stolen financial data sold on the dark web black market worth?

[Tomcat]

As cases of identity theft on the Internet continue to grow, especially during the pandemic, Darknet. Global decided to conduct its own research. To shed light on the shadowy world of cybercriminals, try to figure out how it works.

The cybercrime market is developing at a faster pace than e-commerce. And carding forums, most of which are hiding in the Darknet, have become the most common formats for buying / selling illegal goods and services.

What did you find out?​

The high probability of deception and thousands of people looking for free "tutorials" on hacking and identity theft - this is the first impression of the study. Unfortunately, this is exactly the conclusion we came to after studying the online forums of illegal sites. Those that specialize in stealing credit card information.

This analysis showed the following:

• the vast majority of users did not buy or sell anything, although they actively communicated on the forums of carding sites;
• almost all forum visitors want free samples of certified products, malware source codes, and tutorials on hacking and detecting theft.

The actual buyers and sellers of the stolen information are just a small fraction of the visitors to the carding sites hosted on the Darknet. Fraudsters, as such, are much less of those who would like to get money using free, but criminal tools for this.

However, the volume of stolen financial information they sold turned out to be quite enough to maintain activity in this market. Information (financial, personal) sold and bought on such forums allows you to make unauthorized purchases on the Internet, open a bank account in the name of another person. Even create a clone of the victim's credit card that can be used in physical retail stores.

But even here, in the process of selling stolen bank data on the Darknet forums, customers are periodically deceived. How? It's very simple. It is suggested to buy information or even a clone of a credit card. And then, buyers are warned that they cannot be used.

The black market for stolen financial information is on the rise​

The FBI recently released a report of nearly 75% growth in cybercrimes after restrictions were imposed on people and businesses in most developed countries. With the requirements to go into self-isolation mode. According to Darknet.Global, black markets selling stolen financial information operate in one of the following categories:

• Internet Relay Chat is basically a simple form of text messaging;
• carding shops - purchase of goods with payment by "other people's" credit or deposit cards;
• Darknet markets;
• carding forums.

By far the most popular are carding forums.

It is easier to get access here than to other sites where information obtained by criminal means is sold / bought, where cybercrime organizes the sale of the "stolen". Unlike the Darknet markets, they are located on the regular Internet (clearnet). And in order to enter the Shadow Web, you need to comply with a special Internet protocol (use the Tor browser, at least).

There are several specialized topics on carding forums all the time. It offers credit card sales, malware distribution. Even free training manuals are being implemented.

Users are required to register a profile on the website in order to be able to comment. These profiles are also used to track the reliability ratings of forum members. As well as the recommendations provided by them and the started "trading operations".

Each topic has its own moderator, maybe even several. They perform a function similar to that of law enforcement officers. Not only are they discouraged from fraudulent activity on the forum, but they also set guidelines for user behavior.

True, such carding forums “don't live long”. A maximum of several months before law enforcement agencies "get" to them. But, one has only to close one such community to discuss (buy / sell) methods of fraud using "someone else's" bank cards, as soon a new one opens. Due to jurisdictional issues and technological complexities, few of these criminals can be detained.

Despite the mass of information offered in such communities, there is no doubt that visiting them poses a threat to the visitor.

The more time a user spends on the Internet, on such photo forums, the more he risks disclosing his personal information to cybercriminals

Darknet prices for hacking and stolen financial data​

The Shadow Web has a long-standing reputation as a haven for a wide variety of criminal gangs. Indeed, there is a lot to buy and sell here. Even while maintaining anonymity. If you are lucky, the data used to pay for the purchase will not be stolen by hackers.

The privacy provided by solutions like TOR creates an environment in which criminals can sell their goods without worrying about being caught by law enforcement.

To demonstrate how common offers to sell stolen financial data are, we crawled web marketplaces, forums, and Darknet websites to create an index of average prices for a number of specific products:

• cloned Mastercard with PIN - $ 15;
• cloned American Express card with PIN - 35 $;
• cloned Visa card with PIN code - $ 25;
• credit card details with an account balance of up to $ 1000 - costs $ 12;
• credit card details with an account balance of up to $ 5,000 - will cost the buyer $ 20;
• stolen online banking logins, with a minimum of $ 100 in the account - from $ 35;
• stolen online banking logins, with a minimum of $ 2,000 in the account - cost $ 65;
• Walmart account with credit card attached - $ 10;
• stolen PayPal account data, with a minimum of $ 100 in the account - almost $ 199;
• transfer from a stolen PayPal account from one thousand to three thousand dollars - from $ 320;
• transfer of more than three thousand dollars from a stolen PayPal account - from $ 156;
• transfer from a stolen Western Union account over a thousand dollars - $ 99.

It turned out that stealing PayPal account details is the easiest way. This information is the most common and inexpensive offer on the black market. The most expensive are real money transfers from a hacked account of a payment system or bank.

Fake documents

Fake documents are actively sold:

• US driver's license, medium quality - $ 70 each;
• US driver's license, high quality - $ 550 each;
• car insurance card - $ 70 each;
• fake bank statements - from $ 25 to $ 80;
• Rutgers State University student card - $ 70 each;
• passport of the USA, Canada or the European Union - $ 1500 each;
• European National Identity Card - for $ 550.

These documents come with a number of guarantees and are available with any data that the purchaser chooses. With just a few "pieces" of real information about someone, a criminal can create a "package" of official documents that will be used for all kinds of fraudulent activities. Starting from opening a company, ending with obtaining a loan. Both online and offline.

Counterfeit money

The sale of counterfeit banknotes in the black markets of the Darknet is extremely common. Basically - in denominations of 20 or 50. Most often, US dollars, euros, pounds sterling, Canadian and Australian dollars are sold.

Some fakes are even sold with a UV test guarantee. Such “quality” counterfeit money usually costs about 30% of the value of a real banknote.

Social media account

Even this "product" is offered on the Darknet sites. The prices are different, it all depends on the popularity of the social network and the complexity of the hack:

• hacking a Facebook account costs $ 74.5;
• hacking Instagram account - $ 55.45;
• hacking a Twitter account - costs $ 49;
• hacked Gmail account - $ 155.73;
• stealing Instagram followers (over 1000) - $ 7;
• theft of Spotify subscribers (over a thousand) - $ 3;
• on Twitch x 1000 - $ 6;
• in Tik tok x 1000 - 15 $;
• stealing followers on LinkedIn (over a thousand) - $ 10.

Offers to hack accounts or sell them are relatively rare on forums. But there are. Perhaps due to increased information security measures.

Hackers trying to obtain social media credentials from their victims are forced to use social engineering techniques rather than hacking techniques. Social engineering is a more costly technique for gaining access to personal information with a relatively low success rate.

Malicious programs

There is a wide range of prices in this segment, which depends on the quality and effectiveness of the malware:

1. Low quality global malware solutions with low speed and efficiency - up to $ 70.
2. Malicious software developments for the EU countries (low quality, low speed, low success rate) - up to $ 300.
3. Malware for the USA, Saudi Arabia, Great Britain, Australia (with low quality, speed and low efficiency) - up to $ 800.
4. When selling modern, high-quality malware, prices rise to $ 1400-1700.

Malicious tools are positioned as programs installed on almost all operating systems (Windows, Android, and others), which provide cybercriminals with access to the victim's computers and devices. The initial introduction of malware is carried out through fake online casinos, social networks, popular websites.

Some types of malware may simply use the resources of the victim's computer for activities such as mining cryptocurrencies. Others can be used to steal credentials. Business is profitable - for every thousand installations of a virus program, hackers steal tens of thousands of dollars.

DDoS attacks

Organizing DDoS attacks is also one of the proposals on the Darknet black markets:

1. An attack on an unprotected site, 10-50k requests per second, lasting 1 hour - $ 10.
2. An attack on an unprotected site, 10-50k requests per second, lasting 24 hours - $ 60.
3. An attack on an unprotected site, 10-50k requests per second, lasting 1 week - more than $ 400.
4. An attack on an unprotected site, 10-50k requests per second, within 1 month - will cost the customer $ 800 or more.
5. Attack on a secure site (premium option), 20-50k requests per second, several elite proxies, lasting 24 hours - $ 200.

A distributed denial of service (DDoS) attack aims to take a website offline by sending thousands of requests per second, overloading the website server, causing it to malfunction or even go offline.

An equally common subject of sale is a guide to withdrawing money from a stolen account. Their price is minimal. True, there is no guarantee that the techniques sold on the black market will work.

How to protect yourself from identity fraud​

If you find that money has been stolen from your bank account, you can try to get it back through your bank. But this is long, does not guarantee a positive result. It may take more than one year of going through the authorities. And, in addition to stealing money, a loan can be issued to the victim's account ...

We recommend fairly simple security measures:

1. Do not provide your confidential information over the phone - it is better to do it in person.
2. Each time using an ATM, make sure that the machine is not equipped with a skimmer (a reader of information from a bank card that allows an intruder to create a clone of the card's magnetic stripe). This is enough to recreate a map from nothing. We recommend checking the ATM. Press down on the sides of the card port and see if anything is loose. The skimmers are made to mimic the padding around the ports, but they are set delicately enough so that they move easily even with little pressure. Check for glue around the edges of the credit card port or tape. If there is something like that - stay away from this ATM and call the bank.
3. Test the ATM keypad by slightly lifting the edges. Fake keyboards are sometimes placed on top of legitimate ones to write down your PIN.
4. Check for malware on your computer to make sure your data is not being written as you type. Use an anti-malware tool.
5. Avoid using a public or unsecured Wi-Fi hotspot. If you need to log into an account on a network that you don't 100% trust, use a VPN to encrypt all communications.
6. Delete accounts that you do not intend to use in the future. Old accounts can be compromised and this leads to problems in the future.
7. Never use the same password for multiple accounts. This is the easiest way for an attacker to gain access to confidential information.

This list can be a little complicated and cumbersome. However, this is only a first impression. You just need to get used to following these rules and develop a sense of "cyber danger".