The value of personal data in the criminal underground

What is the cost of personal data in the criminal underground? How do cyber criminals steal personal data? What is the cashout process?

What is the underground economy?
Put simply, the underground economy is a collection of forums, chat rooms and custom-made websites that are all designed to facilitate, streamline and industrialize cybercrime. It’s within these communities that cybercriminals gather to trade tools, services and victims’ credentials.

What’s their motivation? Making money, of course. Let’s take a look at how cybercriminals turn our personal information into cash, and how much that information is worth.

The cashout

Identity theft “operations” are made up of two major parts:

  • obtaining the credentials
  • the “cashout,” or turning those credentials into money.

There are various ways to obtain credentials. Some options are phishing attacks, Trojan horses and hacking into online merchants’ databases. Credentials can also be obtained through real-world activities like credit card skimming or infecting point-of-sale devices with malware.

The cashout method is based on the type of credential, which in turn is dictated by the way it was collected. If the credential is what hackers call a “dump” (the raw information on the magnetic strip), which was collected through real-world skimming, the cashout is performed by encoding the “dump” data onto a fake credit card and physically going to a store to make purchases. This is also known as carding. If the credential is associated with an online banking service, obtained either by phishing or a Trojan horse, the cashout involves setting up a “mule account” that accepts a fraudulent money transfer from the compromised account.

The value of our personal information

  • Credit cards – Credit cards are the most commonly traded commodities in the underground economy. There are two “flavors” of credit card credentials: “dumps” and “CVVs.” “CVV” in hacker speak refers to a credit card record that includes the cardholder’s name, address, card number, expiration date and the CVV2. This card information can only be used with online merchants, while “dumps,” on the other hand, can only be used with brick-and-mortar merchants. The price for both “dumps” and “CVVs” varies based on the type of card, the expiration date (you can get cards that are about to expire on sale!), the country, the seller and more. “Dumps” tend to be worth more than “CVVs” simply because the payoff is bigger; a hacker can buy goods of higher value with a “dump” than with a “CVV.” Accordingly, “CVVs” usually cost less than $10, while “dumps” can go as high as several dozen dollars.
  • Bank Logins – The price for compromised bank account information in the underground market depends on the account balance (where in many instances the price is a percentage of the balance) and the associated bank. Certain bank accounts are more difficult to cashout than others, which may be reflected in the price.
  • “Fullz” – “Fullz” is another type of financial credential traded in the underground. It’s hacker terminology for the full information on a victim, including the victim’s name, address, credit card information, social security number, date of birth, mother’s maiden name, driver’s license number and more. As a rule of thumb, the more information you have on your victim, the more money you can make out of the credential. “Fullz” are usually pricier than the standard credit card credential but still cost less than $100 per record. This type of credential can be cashed out in a number of ways, such as using a bank’s telephone service while posing as the victim, doing a “change of billing” and ordering credit cards, applying for loans and more. Even “Dead Fullz,” which are “Fullz” credentials that are no longer valid, can be used for things like opening a “mule account” on behalf of the victim and without his or her knowledge.
  • Online account credentials – When it comes to credentials for online services accounts, PayPal and eBay are popular in the criminal underground. While PayPal accounts are more difficult to cashout, hackers still target them because so many people use PayPal and because the cashout methods are “universal” (i.e., a PayPal account is a PayPal account, unlike different banks with their varying policies and procedures). eBay accounts facilitate auction fraud, which has been a popular scam method for many years now. In terms of cost, PayPal and eBay prices differ substantially from seller to seller, and can go as low as $2 for a PayPal account (a low cost most likely because of the investment needed to cashout PayPal accounts).
  • Gaming credentials – It’s not surprising that hackers have found a way to cashout online games. They can do this by selling the virtual gold and unique virtual goods obtained by the victim’s character for real-world money. Steam accounts are also sold in the underground economy (Steam being the most popular store for PC games), though it’s unclear whether the buyer intends to somehow cashout the account or to simply attempt to gain access to games bought by the victim.

Identity thieves operate with one thing in mind, and that is to make money. Any account type that can be cashed out in order to rake in a profit for the fraudster is a legitimate target. As hackers are always on the lookout to generate new means of income, demand may rise in the underground for new accounts and new credentials over time, which puts users at a constant risk of being targeted.

About the Author
Omri Toppol has been working with hi-tech startups for over 15 years. He is an entrepreneur with an extensive technical background and a passion for mobile.

About LogDog
The LogDog anti-hacking and privacy tool protects the most popular online account types including Gmail, Facebook, and Dropbox by detecting unusual access activity and alerting users so they can take control of their accounts before hackers do.

Edited by Pierluigi Paganini

(Security Affairs –  Underground market, hackers)
