Prices for user data in the cybercriminal market

Breaking computer passwords

Password hacking is one of the common types of attacks on information systems using password authentication or a username-password pair. The essence of the attack boils down to the attacker taking possession of the password of a user who has the right to log in.

The attractiveness of the attack for the attacker is that if the password is successfully obtained, he is guaranteed to receive all the rights of the user whose account has been compromised, and in addition, logging in under an existing account usually causes less suspicion from system administrators.

Technically, an attack can be implemented in two ways: by multiple attempts at direct authentication in the system, or by analyzing password hashes obtained in another way, such as intercepting traffic.

The following approaches can be used:

• Direct bust. Search for all possible combinations of characters allowed in the password.
• Selection by dictionary. The method is based on the assumption that the password uses existing words of any language or a combination of them.
• Social engineering method. Based on the assumption that the user used personal information as a password, such as his first or last name, date of birth, etc.

Many tools have been developed to carry out the attack, for example, John the Ripper.

For more information, see Passwords

How to find out if my stolen passwords are among the stolen passwords?

It is worth checking your mail or account name on the Have I been pwned? website, created by Microsoft manager Troy Hunt. Hunt has collected almost one and a half billion accounts from 142 hacked services in one database. The system reports all known leaks where your mailbox is mentioned. Each item of the summary is given a brief help: when and under what conditions the leak occurred, what kind of data were in the hands of hackers and in what form they were stolen - open or encrypted^[1]

The site says, "Oh no - pwned!" What should I do?!

Look carefully at what leaks we are talking about: perhaps hacker attacks occurred a long time ago - and since then you have already changed your password three times, so there is no need to worry.

Large companies usually store not passwords, but their hashes - encrypted versions that are quite difficult to decrypt. Therefore, the fact of a leak does not always mean that something threatens your data. But it is important to remember that with due diligence, hackers will be able to recover the password.

But in general, the main recommendation here is: change the passwords of compromised accounts as soon as possible. If you used the same password on other sites, change it there too. And in the future, never do this: you cannot use the same password for different services.

All suspicious passwords have been changed. That's it?

On Hunt's website, you can also subscribe to notifications - if your account appears in a future leak, you will be warned. To do this, click on the "Notify me when I get pwned" button.

Also, obviously the base of the Have I been pwned site? doesn't know about all the leaks. Therefore, do not forget to follow the news and, just in case, change passwords in services if information about their hacking appears in the media. Finally, do not forget to update passwords in important services to you every few months - just in case.

2023

A 2.5-fold increase in the price of "breaking"

By the beginning of 2024, the cost of illegally obtaining information about citizens of the Russian Federation increased 2.5 times to 44.3 thousand rubles. This was announced on March 20, 2024 by Kommersant with reference to a study by DLBI.

Thus, the detail of the subscriber's conversations has risen in price by an average of 3.3 times, depending on the telecom operator. Banking information now costs 1.5 times more. Financiers and participants in the communications market consider their systems to be secure, as a result of which prices for "breaking through" are rising. Despite numerous information leaks, experts believe that the demand for personal information will continue.

The cost of illegally obtaining information about citizens of the Russian Federation increased 2.5 times to 44.3 thousand rubles

As part of the study, DLBI divided illegal collection on information into three streams - collecting and transmitting information through a telecom operator (detailing calls and SMS), "punching" bank customers (bank statements) and "punching" state systems (traffic police data, etc.). In total, DLBI analyzed the proposals of more than 80 intermediaries of such services in Telegram.

According to experts from the DLBI data leak intelligence and monitoring service, the average cost of services for the illegal issuance of data on citizens has increased 2.5 times. As a result, one data collection can cost up to 44.3 thousand rubles.

The "" VimpelCom data costs about 87 MTS thousand rubles, the - 68.5 thousand rubles. The most expensive telecom operators for "breaking through" were Megaphone and. Tele2 The price for them reaches 100 thousand rubles.

The cost of these bank customers in 2023 increased to 38-40 thousand rubles, which is 51% more expensive than last year. Breaking through banks remains the most unstable data mining service on the darknet, DLBI founder Ashot Hovhannisyan explained.

For most small banks, there is no "breakthrough" or it is extremely difficult to find it, "said Hovhannisyan.

The cost of extracting data from government systems is also rising. Popular requests are data from the databases of the Ministry of Internal Affairs, from the database of human movement "Search-Highway," data on passports from the AS "Russian Passport." The price of such data is about 2 thousand rubles per upload. Despite an increase of 40%, this category remains the cheapest.^[2]

The demand for "breaking" the location of the subscriber in Russia increased 1.5 times. How much does this service cost?

Russians have become more willing to use the services of "punching" subscribers by location: in the first six months of 2023, the number of requests for this service increased 1.5 times, to 35,160. Such data in BI.ZONE led in early July 2023.

According to BI Yevgeny Voloshin, director of the department for security analysis and counteraction to fraud. ZONE, the peak of demand for such services in 2023 fell on May: the number of requests was 26,317. From May 14 to 28, an average of 1.5 thousand messages appeared on specialized forums every day, he said.

How does "breaking through" happen? Criminals can determine geolocation through intermediaries who offer their services on the dark web. To do this, you need to know the phone number of the person of interest. The service is called "flash": you can find out the location of a person not in real time, but at a specific moment. All this is done with the help of insiders who have access to special equipment and software. Simply put, employees of cellular or Internet operators can secretly provide such services.

According to experts interviewed by Izvestia, jealous partners who check their halves and collectors to collect debts, as well as criminals preparing to rob an apartment, use the services of "breaking through" the locations of other people.

On average, a mobile "breaking through" costs about 30 thousand rubles, the newspaper writes, citing interviewed experts. According to them, the price depends on the urgency and the number of intermediaries in the chain. At the same time, receiving geodata of Beeline subscribers is cheaper compared to MTS, Megafon and Tele2, due to the fact that most often it is not done directly through the cellular operator.

The Izvestia correspondent on one of the shadow forums managed to find several proposals for determining the user's location at once. Thus, the cost of the coordinates of the Beeline subscriber is from 12 thousand rubles, and MTS, Tele2 and Megafon - on average 24 thousand.^[3]

2022: Prices for services "breaking" data on Russians for the year increased by 22%

The main trend in 2022 was a further rise in the price of the median cost of the "breaking" service (illegal receipt of information about, transactions property and secrecy of citizens' negotiations), which is provided by insiders virtue of official powers access to such information. Compared to 2021, the figure increased by 22%. At the same time, the growth rate of value decreased compared to 2020-2021, when breaking the price more than doubled. Such data TAdviser from January 20, 2023 was shared by Russian the intelligence data breaches and monitoring service (Data Darknet DLBI Leakage & Break Intelligence) based on the results of its annual research of the penetration market.

The study analyzed the proposals of almost 80 intermediaries performing trade this kind of illegal services, posted on shadow forums on channels and Internet Telegram darknets.

According to analysts, there have been significant changes within the penetration market, demonstrating the volume and effectiveness of data operators' efforts to combat insider leaks.

The cost of a bank break has practically not changed and amounts to 25.4 thousand rubles for a statement of accounts/cards of a client for a period of one month. At the same time, the supply of such services has been declining for the second year, and the largest commercial banks periodically completely disappear from the market as a result of the measures taken to combat insiders. A stable offer is present only for Sberbank, which, apparently, cannot cope with this problem. The number of intermediaries offering a bank break is also decreasing and accounts for less than 27% of all those working in this criminal market. At the same time, in 2021, the bank break has risen in price by 2020 by more than 2.5 times.

The cost of a mobile penetration, as well as in 2021, increased by about 60%, to 27 thousand rubles per month of detailed calls and SMS subscriber. At the same time, Beeline, MTS and Tele2 have increased the cost of breaking through by 2 or more times, while MegaFon has remained almost at the same level, which can be explained by the efforts of companies to curb leaks in the past year. The leader in terms of cost was MTS - 40 thousand rubles., Followed by Tele2 and Megafon - 28 thousand and 25.5 thousand rubles, and the cheapest remains Beeline - 15 thousand rubles.

The cost of breaking through the state databases of data has practically not changed and is, as in 2021, a meager 1.5-2 thousand rubles, which demonstrates the level of state interest in combating leaks of these citizens. An exception can only be called access to the Moscow facial recognition system "Safe City," which has completely disappeared from sale.

As the founder of the DLBI service Ashot Hovhannisyan noted, there is a clear picture of how efforts to combat insider data leaks are yielding results.

"We see how banks, albeit after several years of scandals, dealt with the problem and achieved results. Despite the fact that it is impossible to completely eradicate breaking through, the price of it is growing, which narrows the possibilities of criminals. We also see that mobile operators have begun to solve the problem, and we see the result of this. And this is very important, because many ask the question - is it possible to overcome data leaks at all or you need to wave your hand at it and get used to the fact that everyone knows everything about you, "added Ashot Hovhannisyan.

2021

100 thousand records of loan applications at Дом.РФ Bank are sold on the darknet for 100 thousand rubles.

About 100 thousand records of people who applied for lending at Дом.РФ Bank have been leaked to the darknet, RBC reported on April 5, 2021^[4]. For the entire base, the seller asks for 100 thousand rubles. The bank itself confirmed the fact of the leak and admitted that its cause was a vulnerability in the remote filing of initial applications for a cash loan. Read more here.

3.27 billion stolen credentials for sale for just $2

3.27 billion stolen credentials are up for sale for just $2 at the RaidForums cybercriminal forum. This became known on February 9, 2021.

The aggregate database combined old records from the cyber attacks data Netflix LinkedIn past, including account users, Exploit, etc.

A forum user using the alias Singularity0x01 published a database under the guise of the so-called "compilation of many breaches" (COMB).

Singularity0x01 said the collection was built on the basis of a previous compilation of 1.4 billion records. The data were presented alphabetically and in a tree structure. To view the link for downloading the password-protected.ZIP file containing the data, forum users needed to spend 8 RaidForums credits (about $2). They could then use a database-embedded tool to query and sort information.

Some users claimed the files were corrupted or missing, the total number of credentials was less than claimed and the information was of poor quality. All this led to the fact that Singularity0x01 earned a negative reputation on the cybercriminal forum. Singularity0x01 also created two identical topics on the forum, resulting in some users spending their credits twice. Singularity0x01 was soon permanently blocked at RaidForums of the Year for "leaking secret content," although the site's moderators did not provide any additional information, "Flatpost quoted 3.27[5].

2020

Databases of 18 companies with 386 million records published for free on the darknet

A cybercriminal or cybercriminal group known as ShinyHunters floods hacker forums with free databases. Since July 21, 2020, he began publishing databases on one of the darknet marketplaces, totaling more than 386 million records stolen from 18 companies as a result of leaks. This became known on July 29, 2020.

Typically, stolen bases data are sold privately at first for between $500 and $100,000. When they are no longer profitable, sellers post them on hacker forums for free to enhance their reputation in the hacker community.

Nine of the databases published on July 21 (Appen.com, Chatbooks.com, Dave.com, Drizly.com, GGumim.co.kr, Hurb.com, Mathway.com, Promo.com, Swvl.com, TrueFire.com and Wattpad) in the past were already opened in one way or another. However, the other nine, including Havenly, Indaba Music, Ivoy, Proctoru, Rewards1, Scentbird and Vakinha were made public for the first time.

Users of the above services are strongly advised to change passwords as soon as possible to avoid possible hacks. If the same password is used on other sites, you need to change it^[6] on^[7].

On the darknet, they ask from $71 for bank accounts and up to $3.1 thousand for domain admin accounts

On July 9, 2020, it became known that specialists from Digital Shadows found 15 billion accounts data on various underground trading floors in. Darknet

The compromised credentials were stolen as a result of more than 100,000 hacks and provide access to various accounts, including domain administrator accounts, bank and financial accounts, as well as accounts of social media services and streaming platforms.

Prices on underground marketplaces for such information range on average from $71 for bank accounts, $21 for access to antivirus accounts and up to $3.1 thousand for domain administrator accounts. Logins and passwords for video game user accounts and file sharing sites were available for less than $2 per entry.

Credentials for financial accounts with confirmed cash or accounts with privileged access to networks and systems of large businesses were sold at very high prices, experts said. Dozens of advertisements about administrator accounts were found on underground forums, which were auctioned off to bidders at prices ranging from $500 to $120 thousand.

In total, 25% of listings for the sale of stolen and leaked credentials were linked to bank and other financial accounts. Other popular ad categories included streaming, proxy/VPN, and cable TV accounts.

According to experts, the threat from hacking is aggravated by the tendency among a large number of Internet users to use the same and often easily guessable passwords for several accounts. Tools such as Sentry MBA and OpenBullet have made it easier for cybercriminals to verify millions of logins and passwords. Thus, attackers can use the credentials obtained from one hack to try to gain access to other accounts.

As the results of a study by Digital Shadows specialists showed, the number of compromised credentials available to cybercriminals on the dark web has grown by 300% since 2018. According to experts, out of 15 billion stolen credentials, about 5 billion are unique.

Illegal marketplaces such as Genesis Market, UnderWorld Market and Tenebris provide criminals with the ability to rent access to various types of accounts, including e-commerce, streaming and social media, sometimes for as ^[8] as $10 over a certain period of use^[9].

Skyeng student data is sold for 40 thousand rubles

On June 27, 2020, it became known that the Telegram channel In4security discovered a data leak of 5 million students and employees of the Skyeng language online school. The founder of DeviceLock Ashot Hovhannisyan clarified that the data is sold for 40,000 rubles. According to the expert, the database contains 270,000 records of Russian users, including students, teachers and employees of an online school. The entire base costs about 80 thousand rubles. Read more here.

2019

Data Base Moscow drivers was offered on shadow platforms at a price of 3.5 to 10 thousand rubles. per month

In early November 2019, Ashot Hovhannisyan the founder of leaks Darknet the DLBI search and monitoring service discovered in almost free access, database containing personal data Moscow drivers for the period from January to March 2019 and consisting of 358.4 thousand records. This became known on August 3, 2020. He noted that the database was distributed on a paid basis through several shadow sites at an average price of 3500 to 10 thousand rubles. in one month. More. here

For 45 thousand records of bank customers, criminals asked for an average of about 175 thousand rubles

Specialists from the analytical center Garda Technology"" conducted an analysis of the shadow market databases the Russian banks for 2019. Experts analyzed more than 350 advertisements for the sale of databases financial of organizations placed on underground trade sites and in special groups in. This social networks became known on January 22, 2020.

In the course of the study, the data of customers of banks that occupy leading positions in the ratings, as well as proposals from regional banks and microfinance organizations, were put up for sale.

In 2019, the data of 70,064,796 clients of 42 financial organizations of Russia were on open sale, most of which were not tied to regions and cities. The average cost of information was about 175 thousand rubles. for 45 thousand data of bank customers. The greatest value was the data from automated banking systems sold "in one hand." The cost of one record could vary from 5 rubles. up to 2 thousand rubles. The developed databases ended up in the underground market again and were sold in large quantities. The cost of one record from such a base was much lower and amounted to 0.5 rubles. and less.

As noted by experts, information about VIP clients of a large bank indicating passport data, card numbers and current balance on accounts relevant for 2015 was sold at 15-20 thousand rubles. for 20 thousand records, which is equivalent to a list of 300 thousand salary clients indicating only full name and phone number for 2018.

In recent years, the parameter of the relevance of sold data has also changed. If in 2016 the bulk of the databases got on the Web with a lag of 2-3 years, now fresh information is mainly sold. According to experts, the sale scheme has changed - previously the sellers were insiders who put up databases for sale after leaving work, and now in most cases this is done by intermediaries working with several informants.

91% of bank databases were provided by bank employees cooperating with sellers, 8% - by bank intermediaries (third-party services or bank employees working on promotions or in mobile offices). Such data were lists of names and contact details of persons interested in the bank's services. 1% of the information was obtained by attackers who exploited vulnerabilities in banking systems. Such information made it possible to simulate the actions of the client and withdraw money from the bank's accounts^[10].

Kaspersky Lab: medical card data is more expensive than bank

Kaspersky Lab has made a number of forecasts for 2020 regarding cyber incidents related to medical institutions. According to experts, more and more ads will appear on the darknet for the sale of medical data, including information from medical records or insurance policies. Already now, sometimes they are even more expensive than bank card data, because they are a valuable resource for attackers who use them to enter into trust in users, deceive them themselves or their relatives. Access to electronic medical record data may be interesting not only to steal them. Attackers can potentially make changes to them in order to carry out targeted attacks and deliberately make it difficult to make diagnoses.

Medical companies are increasingly becoming victims of ransomware. Such incidents become possible because, firstly, the health care industry does not take the risks associated with digitalization seriously enough, and secondly, they do not pay due attention to the training of employees in basic cybersecurity skills.

In 2019, every fifth device was attacked in medical organizations around the world (19%). According to Kaspersky Lab forecasts, the number of such attacks will grow, especially in developing countries, where the process of digitalization of such services is just beginning. In particular, there will be more and more targeted attacks using encryption programs that lead to a loss of access to internal data or resources. This is fraught with irregularities in the diagnosis process and even depriving patients of the care that is required immediately.

In addition, the number of attacks on research medical institutes and pharmaceutical companies conducting innovative research will increase. So, in 2019, 49% of devices in pharmaceutical companies were attacked. Research conducted by such organizations is expensive, and their results are highly valued, so, most likely, in 2020 they will increasingly become the target of APT groups specializing in intellectual property theft.

It is not yet known about cases of attacks on implantable medical devices such as neurostimulators, but since they contain numerous vulnerabilities, it is a matter of time before attackers exploit them. The creation of centralized networks, wearable and implantable medical devices can lead to a single entry point for a large-scale attack simultaneously on all patients using such devices.

Over $2,000 for patient and physician data in clandestine markets

the American FireEye cyber security hackers China Allegedly, the website of a large the Indian organization was hacked and health care 6,800,000 records containing it were stolen, according to the company specializing in. Between patient and physician information October 2018 and March 2019, FireEye analysts found several in underground markets that databases cost more than $2,000, the company said on August 23, 2019. Zecurion More. here

Cost of these clients of Russian banks on the black market

DeviceLock told in the summer of 2019 about current prices for data sold on the darknet by customers of Russian banks.

The cost of these clients of Sberbank on the black market on the Internet is 3 rubles. for one entry. For this money, the buyer will receive a full name, dates of birth, passport data, phone numbers, account numbers, account balance information, passbook numbers, account types (codes). In total, criminals offer 395 thousand records for May of this year in the Krasnoyarsk Territory, as well as in the Republics of Khakassia and Tuva.

For the data of clients of Raiffeisen Bank (300 thousand records), criminals ask for 12 rubles. for recording. This includes your full name, mobile phone number, account balance, and region.

As for Alfa-Bank, the researchers found on sale several databases of clients of the financial organization, differing only in a few columns. The cost of data is from 20 to 120 rubles. for recording.

For databases (there are three of them) of bank clients, Tinkoff"" sellers ask from 2 to 15 rubles. for recording. 15 rubles. for one record - the same price of the customer database Rosgosstrakh"." 5 rubles. for recording ask sellers of customer data B&N Bank"."

Two databases of Tinkoff Bank customers were also found on sale. The first contains about 1000 records (the seller asks for 70 rubles per record) for July this year. The second database, according to the seller, contains "all customer data, including account balances." Price - 100 rubles. for recording.

617 million accounts from 16 hacked sites are sold on the dark web for $20 thousand in bitcoin

On February 12, 2019, it became known that 617 million accounts stolen from users of 16 hacked sites were put up for sale on the Dream Market black market on the darknet.

For $20 thousand in bitcoin, anyone can purchase 162 million compromised Dubsmash accounts, 151 million MyFitnessPal, 92 million MyHeritage, 41 million ShareThis, 28 million HauteLook, 25 million Animoto, 22 million EyeEm, 20 million 8fit, 18 million Whitepages, 16 million Fotolog, 15 million 500px, 11 million Armor Games, 8 million BookMate, 6 million CoffeeMeetsBagel, 1 million Artsy and 0.7 million DataCamp.

The samples of the records for sale studied are valid. They mainly consist of the name of the account owner, email address and password (either hashed or encrypted using a one-way function). Depending on the site, the records also contain information about the user's location, his personal information and authorization tokens. Bank card details do not appear in the product description.

All databases are sold separately by the same seller. According to him, the Dubsmash database has already been purchased by at least one buyer.

Hacking of some sites from the list was already known earlier, as in the case of MyHeritage and MyFitnessPal. Nevertheless, leaks of user data from other sites have not been reported before, which means that either nothing was known about them, or the sites decided to silence 617^[11]

2018

Both prices and supply are growing on the black market of personal data

The company DeviceLock is a Russian manufacturer DLP of systems; on November 21, 2018, it announced the second study of Russian the black market personal data and related criminal services this year. As part of the study, proposals posted on Darknet ("shadow" Internet available through) resources were collected and analyzed. browser TOR

According to the results of the study, the cost of personal data without scans of documents practically did not change, while the cost of scans of documents decreased compared to the beginning of 2018, on average, by 25%, and the cost of "punching" services (criminal provision of information violating banking secrecy and privacy of correspondence), on the contrary, increased in different segments from 25% to 400%.

In particular, databases of personal data in Excel format for all regions of Russia containing full names, gender, telephone, full passport data, SNILS, registration and residence addresses for 2017-2018. sold at 20-25 kopecks per entry - compared to the beginning of the year, prices have not changed. A passport scan and a photo of the passport holder with a passport are sold at a price of 150 rubles per set, and a set of scans of a passport, SNILS, license and TIN - at a price of 300 rubles. In this segment, a decrease in prices is noticeable, on average, by 25% and a significant increase in supply.

According to the founder and CTO of DeviceLock Ashot Hovhannisyan, the value of personal data without scans of documents is small, since they are used mainly for spam and telephone fraud, which do not bring criminals a lot of income.

But scans of documents can be used to obtain online loans and therefore are very in demand by criminal elements. At the same time leaks scanned , documents often come from the MFIs themselves and the share of such leaks is growing. In the last quarter alone, the share of MFIs increased from 3% to 5% in the total number of incidents related to data leaks, Ashot Hovhannisyan added.

The cost of services for "punching" data from cellular operators increased by at least 25%. The detailed calls and SMS of the subscriber for the month is offered at a price of 2,000 rubles to 20,000 rubles - here prices, on average, increased by 50%. This segment has the widest selection of both sellers and data - from all kinds of statements to constant tracking of subscriber geolocation.

In the "bank break" market, according to Ashot Hovhannisyan, there is also a significant increase in prices (by more than 50% per year). The availability of a particular "service" may depend on the region of the Russian Federation. Bank account statements from the Top 10 are offered at a price of 8,000 rubles per month or 10,000 rubles per six months. There are very few real sellers in this segment and many intermediaries whose prices can be 4 times higher than the original ones. Information about prices and banks quickly loses its relevance.

Firstly, there are not only no fewer offers on the black market, on the contrary, their number has increased visibly. Perhaps the number of resellers of the same data has increased, but there is definitely no shortage in the proposals. Secondly, prices have increased almost everything. The rise in prices for the so-called "bank break" is especially noticeable, - said Ashot Hovhannisyan. The key tool of the struggle is operational measures, such as, for example, a not so long ago raid against violators of banking and other secrets. This allows you to effectively combat the segment of "punches," where by placing the "order" operatives can identify the entire chain from the seller to the direct data thief. But against the trade in already stolen data, this approach does not work. Here we need preventive measures - first of all, the widespread implementation of DLP systems. And, as the experience of the banking industry shows us, the best incentive is the direct requirements of the regulator.

Digital personality can cost less than $50 in Dark Web

Kaspersky Lab experts conducted a study of Dark Web markets, during which they found that as of November 9, 2018, cybercriminals can sell a user's digital life for less than $50. This refers to social media account data, bank details, remote access to servers or desktops, and even information from services such as Uber, Netflix and Spotify, gaming resources, dating apps and porn sites. The price for one hacked account averages one dollar. Also, attackers offer discounts on wholesale purchases.

Despite the fact that digital identity is inexpensive, it is a significant asset for cybercriminals in other respects, Kaspersky Lab experts noted. The victim may suffer financial and reputational damage, because attackers are hypothetically able to borrow money or commit a crime on behalf of another person.

The most common ways in which cybercriminals steal a digital identity are, first of all, phishing campaigns and exploiting vulnerabilities in software and applications. After a successful attack, attackers receive password dumps that collectively contain email addresses and passwords to log into a specific service.

It is worth noting that some scammers who sell user data on the Dark Web even provide customers with a lifetime warranty: if one account stops working, then instead it will be provided to another completely free of charge.

It is clear that data theft is a serious threat to all users, its consequences are manifested both at the individual and at the public level. Fortunately, there are measures that everyone can take to prevent such problems from occurring. It is necessary to use reliable passwords, effective security software and be aware of the entire amount of personal information that we post on social networks in the public domain and transfer to various organizations for free, "said Sergey Lozhkin, senior antivirus expert at Kaspersky Lab.

2017: The foundation of the comfortable life of hackers - selling passwords

Dozens of underground sites compete in the purchase and resale of credentials for authorization in a variety of services, and log bots operators can secure a comfortable life only by selling other people's passwords. This conclusion was made by journalist Brian Krebs, specializing in the disclosure and coverage of cybercrime.

According to statistics, a hacker selling data through Seller's Paradise can earn more than $288 thousand in just a few months. According to Krebs, a successful seller on Seller's Paradise can sell about 35 thousand pairs of credentials in seven months.

The seller receives money only when someone buys the goods offered to him. At the same time, Seller's Paradise takes about half of the cost of the goods as a commission. The average cost of user credentials for banking and e-commerce sites at Carder's Paradise is $15. This is the cost of logins and passwords for users of airbnb.com, comcast.com, creditkarma.com, logmein.com and uber.com. The credentials of AT&T Wireless subscribers paired with access to the contents of their mailboxes cost twice as much - $30.

The most expensive on Carder's Paradise are the customer credentials of the frys.com store ($190). The credentials of the US military from the credit union NavyFederal.com cost $60, and the credentials for authorization in the Thomson Reuters aggregators are $50^[12].

2016

Personal data of millions of Russians already on the "black" market

According to the results of the study "Black Database Market" of the analytical center "MFI Soft" for November 2016, the volume of the market for illegal databases in Russia is more than 30 million rubles, if translated into the number of records of individuals - it turns out more than 1.2 billion. In just a few hours of searching the Internet, you can find customer databases of large banks, insurance companies and online casinos.

See more - Personal data protection in Russia

Hacker Working Conditions

• Anonymous hack (mail/account owner unaware it was hacked)
• No password change (you get the password the victim uses)
• On average, the hacking period is from an hour to 3 days (in some cases up to 7 days)
• No prepayment (you pay when you are 100% confident in hacking)
• I provide any evidence (screen of the box/account, text of your message, temporary change of secrets. question, etc.)
• Rebates to regular customers (provide + 10% rebates after each 3rd completed order)
• I accept wholesale orders (with a one-time order of 15 or more addresses/accounts, I make a 50% discount)

Payment • BitCoin • WebMoney

• Yandex.Money
• Qiwi wallet
• Transfer to telephone via terminal
• Transfer to bank card

Rates for hacking "akks" or "soap" ^[13]

Breaking

• mail.ru: 2000 – 5000 р.
• yandex.ru: 2000 – 7000 р.
• gmail.com: 3000 – 10000 р.
• vk.com / odnoklassniki.ru : 3000 – 15000 р.
• yahoo : 12000 p.
• hotmail : 12000 p.
• corporate mail: individually (dated 18Kr.)

Archive (full dump without knowledge of the password) of the correspondence of the target account of individuals/legal entities as of the date of the request (one-time data pumping):

• mail.ru/rambler.ru/yandex.ru : 70 000 р.
• vkontakte.ru archive for the entire period of account creation: 80,000 rubles.

Leak monetization (leakedsource.com)

Price for individuals

• Period Bitcoin || PayPal
• 1 Day trial $2.00 || $4.00
• 7 Days $8.00 || $11.00
• 14 Days $15.00 || $18.00
• 28 Days $25.00 || $30.00
• 3 Months (90 Days) $70.00 || $85.00
• 6 Months (180 Days) $135.00 || $165.00
• 12 Months (365 Days) $265.00 || $320.00

Price for legal entities

• Small companies 1 Month: $1,000 (per month USD) - $1,000,000(per breach)
• Small companies 1 Month: $ 5,000 (per month USD) - $10,000,000(per breach)
• Medium to large companies 1 Month: $10,000 (per month USD)- $30,000,000(per breach)
• Large companies with hundreds of M of users 1 Month: Contact us for a quote Unlimited

source: e-mail leakedsource.com

Black Market Insider Prices

• Segmented database of 1523 contacts of TOP users of online MFIs: $100
• Base ~ 40,000 MFI debtors: $40
• OSAGO 2015 SPB base 12,000 contacts with full name: 50,000 rubles.
• Current CASCO Moscow 2016 base: 1 contact = 25 p.
• Bank's regional office customer base TOP-5 ~ 10,000 contacts August 2016:2000 p
• The base of the regional office of the bank TOP-5 debit card holders with 30K contact numbers, August 2016: 20,000 rubles.
• Data Base of depositors of "any" Bank at the rate of 10,000 contacts: 35,000 rubles.

Black Market Rates Get the passport scan by e-mail:

• Photo (U-turn): from 100 p.
• Photo (spread) + registration: 200 p.
• Photo (spread) + registration + SNILS: 500 p.
• Photo (spread) + registration + SNILS + TIN: 1000 p.
• Photo with passport in hand: 200 p.
• Scan copies of additional documents: 300 p.

• Base of more than 5000 scans of passports of the Russian Federation: 250Kr.
• Buy lost passport (paper):
  • inactive: 5000 p.
  • current (m/f): from 5000 to 15000 p.

• Make a new passport of a citizen of the Russian Federation (semi-official): from 100,000 rubles.
• Buy a database with 260,000 online store customer records: 60,000 rubles.

Facebook confessed to buying stolen passwords

In November 2016, it became known that Facebook is combing the darknet in search of stolen passwords, which it then buys from hackers. The company's goal is to protect those of its users who use the same password to several sites or social networks. This was announced at a web summit in Lisbon by Facebook Security Director Alex Stamos^[14].

According to Stamos, the purchased passwords are checked against Facebook's own database. This allows you to calculate and warn users whose authentication method is no longer secure. Stamos characterizes the password search procedure as computationally unpleasant and difficult.

Password buybacks are not a new practice for Facebook. The company resorted to this method after a hacker attack on Adobe in 2013, during which data from 2.9 million users was stolen.

Facebook found and bought the stolen data to find out which of the users had the same password for Adobe and Facebook. Having discovered a match, the social network hid the unsafe account from viewing until the owner changed the password.

The incident raised suspicions that Facebook keeps its users' passwords in text or other unencrypted form, which allows the company to compare them with bought-out lists.

Dell SecureWorks Bank Card Hacking Prices

Dell SecureWorks, which specializes in assessing and analyzing the information security of computer systems, published a price list for hacker services around the world in the summer of 2016.

"Services" for hacking bank cards fell significantly in price. So access to Visa and Master Card cards of an American bank will cost $7, a European bank - $40. Hacking the Premium Visa and MasterCard credit card will cost $30-80.

The scale of unauthorized bank card transactions is impressive - in 2015 there were completely more than 260 thousand fraudulent transactions in Russia in the amount of 1.14 billion rubles.

RSA data

RSA, part of EMC, presented in January 2016 the results of a study on the pricing of user data in the cybercriminal market. According to the leader of information security, with the active growth of users of social and networks, as well as the general informatization of society, user data is rapidly becoming cheaper, but they still remain a tidbit for attackers.

Thus, the cost of an account on popular social networks with more than 500 subscribers is estimated at $7.5, accounts with fewer subscribers cost cybercriminals less - their cost is about $5. In addition to social networks, hackers have recently increasingly turned their attention to the accounts of various online stores and online trading platforms. Such questionnaires usually contain a lot of confidential information (from mail, home and e-mail addresses, phone numbers, purchase history, bonus program points to plastic card numbers and transaction lists) and are estimated by criminals at only $2- $2.5.

Of course, the cost of wallets of electronic payment systems with plastic card accounts tied to them is much higher - attackers estimate such access to "fast" money more expensive (from $15). The cost of cashing out of such accounts is estimated at 25-30% of the transfer amount.

The RSA also calls for thinking about the security and users of traditional methods of payment and storage of funds. According to the company, the cost of a compromised bank account in the United States ranges from $150 to $300, and the cost of a fake blank plastic card for cashing ranges from $10 per card with a magnetic stripe to $20 per card with a chip.

Another urgent problem in terms of both personal and national security in many countries is fake documents. According to the RSA, fake identity documents are priced from $10 (for French or Italian documents) to $15 (for a set of Spanish documents).

See also

• Regulation of personal data in the Russian Federation
• Personal Data Law No. 152-FZ
• Protection of personal data in Russia
• Protection of personal data in countries of the world

• See TAdviser for DLP Solutions and Projects Catalog
• DLP - Data Loss/Leak Prevention
• What are the scares of data leaks and how to protect yourself from them? TA Details
• Security Incident Management - Issues and Solutions
• Data breaches
• Information Protection - DLP Myths and Reality
• Secure e-mail of confidential documents
• DLP Solutions (Russian Market)
• DLP Solutions (Global)
• What if the leak has already happened?
• Cutting and sewing lessons from DLP developers
• DLP: High-Profile Leaks

• Censorship (control) on the Internet. Experience of Russia
• Censorship (control and anonymity) on the Internet. World experience

• Cybercrime and cyber conflicts: Russia
• Cybercrime in the world
• Cyber wars
• Information security in banks
• Losses from cybercrime
• Cyber attacks

• Passwords
• Trojan (extortionist)

Notes