iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
We all know what happens to the data stolen by hackers if the ransom isn’t paid up — it ends up somewhere on the darknet for sale to anyone with a questionable moral compass and money to spend.
But what does it actually cost to purchase such data, and how do people even find it?
The finding part is often a lot easier than you think. DuckDuckGo is the search engine of choice for the anonymous and highly private darknet. It won’t return the actual forums and markets you need to get to, but it will easily point you to the sites that list and even review such markets and forums.
Once you find a forum or market that offers the service you’re looking for — such as stolen passports — signing up for them is not unlike creating an eBay account. The main difference is that purchases are made with cryptocurrencies, and quite often such sites are far more secure than their clear web counterparts. Passphrases, distributed denial-of-service (DDoS) protection pages, and multifactor authentication are all quite standard on many darknet marketplaces.
Once signed in and with some cryptocurrency in your digital wallet, you might expect the costs to be extreme, but you’d be surprised how cheap some things are.
Research by BitDefender has revealed the common prices for a range of illicit goods, from credit cards to credentials databases and more.
In fact, credit cards are some of the cheapest such goods you can buy. A cloned credit card with US$3,500 on it can be bought for US$140. Other sellers offer discounts for buying multiple cards, while the cheapest card — with between US$700 and US$1,000 on it — can cost as little as US$80.
At the other end of the scale, a stolen black Amex with up to US$60,000 costs US$620. Purchasing is just like buying something on eBay — except you’re committing a crime.
PayPal accounts are another item up for sale, and the pricing is similar to stolen credit cards — you pay far less than the dollar value of the account you’re paying for. For instance, a personal PayPal account with US$8,500 in it can be bought for just US$250. The relative cheapness is no doubt related to the risk associated with using a stolen card or account; the market is always right, and this is what the market expects to pay.
Hacked social media accounts are another commodity. If you have the need to own 500 million compromised Facebook accounts, that will set you back US$19.99, which honestly may well be over-egging the deal. You can also buy followers, with 50,000 Instagram followers costing would-be influencers US$250.
Then there are entire databases of personal information for sale. These are often compiled from multiple sources — often from multiple breaches and other similar databases; these rarely cost more than US$100 and can contain millions of records.
Then, at the upper end, you have complete sets of exfiltrated data of a specific type. For example, the Shanghai National Police database — with over 1 billion records — will set the budding criminologist back US$1,064.
Real IDs, however, whether actually real or fakes good enough to pass as real, are worth top dollar. At the lower end, a registered US passport goes for about €1,680, while an EU biometric passport tops out at €4,500.
The ease with which any item, from stolen physical things such as credit cards to huge dumps of personal information, can be found and bought online should give everyone pause. In particular, companies involved in handling large amounts of consumer data should be aware of just how easily that data can be monetised — and abused — online.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
