McAfee study on the prices of stolen data on the Dark Web

Pierluigi Paganini October 16, 2015

McAfee Labs has analyzed a number of websites and services in the Dark Web used by the criminal communities for the commercialization of stolen data.

You know my passion for the Dark Web, I spend a lot of time monitoring activities in the hidden part of the web with a particular interest in illegal activities that exploit anonymity of such environment.

Today I have found the announcement of a new report, titled “The Hidden Data Economy,” published by the experts at McAfee Labs that have identified a number of websites and services in the Dark Web used by the criminal communities for the commercialization of stolen data.

First of all, we have to understand which kind of commodities offered in the criminal underground were monitored by the team of experts.

The researchers from McAfee Labs monitored pricing for stolen payment card data, bank account and online payment service login credentials, premium content service login credentials, enterprise network login credentials, hospitality loyalty account login credentials, and online auction account login credentials.

A dangerous trend that is confirmed is the propensity to the model of sale known as cybercrime-as-a-service. The term Cybercrime-as-a-Service refers the practice in the cyber criminal ecosystem to provide product and services for use by other criminals. In September 2014, a report from Europol’s European Cybercrime Centre (EC3), the 2014 Internet Organised Crime Threat Assessment (iOCTA) report, revealed the diffusion of the business model in the underground communities and highlighted that barriers to entry in cybercrime ring are being lowered even if criminal gangs have no specific technical skills.

For example, criminals can rent a botnet of machines for their illegal activities, instead to infect thousands of machines worldwide. These malicious infrastructures are built with a few requirements that make them suitable for the criminals, including User-friendly Command and Control infrastructure and sophisticated evasion techniques.

“Like any unregulated, efficient economy, the cybercrime ecosystem has quickly evolved to deliver many tools and services to anyone aspiring to criminal behavior,” said Raj Samani, CTO for Intel Security EMEA. “This ‘cybercrime-as-a-service’ marketplace has been a primary driver for the explosion in the size, frequency and severity of cyber attacks. The same can be said for the proliferation of business models established to sell stolen data and make cybercrime pay.”

Stolen Payment card data is one of the most traded commodities in the underground. According experts at McAfee, a basic offering includes a software-generated, valid number that combines a primary account number (PAN), an expiration date and a CVV2 number.

In line with the information provided by other reports, prices rise when sellers include also additional information with the stolen card data. “Fullzinfo” includes bank account ID number, date of birth, victim’s billing address, PIN number, social security number, and other information like parent’s maiden name.

“A criminal in possession of the digital equivalent of the physical card can make purchases or withdrawals until the victim contacts the card issuer and challenge the charges,” continued Samani. “Provide that criminal with extensive personal information which can be used to ‘verify’ the identity of a card holder, or worse yet allow the thief to access the account and change the information, and the potential for extensive financial harm goes up dramatically for the individual.”

Dark Web stolen card data

The prices of  compromised online payment service accounts mainly depend by the account balance as reported in the following table.

Dark Web stolen data

Very interesting also the offer for Bank login credentials on the Dark Web, the experts discovered that banking login credentials and services related to accounts with a $2,200 balance are selling for $190. Bank login credentials are very precious because are normally used to stealthily transferring funds to U.S. banks, their value ranged from $500 for a $6,000 account balance, to $1,200 for a $20,000 account balance.

Quite in line the offer for the United Kingdom transfers ranged from $700 for a $10,000 account balance, to $900 for a $16,000 account balance.

In the dark web, it is possible to acquire online premium content services, including online video streaming and premium comic book services. Same price samples are

  • online video streaming ($0.55 to $1)
  • professional sports streaming ($15)
  • premium cable channel streaming services ($7.50)
  • premium comic book services ($0.55)

Less traded goods include some specific categories of online services, such as login credentials to hotel loyalty programs and online auction accounts, a major hotel brand loyalty account with 100,000 points for sale for $20, and an online auction community account with high reputation marks priced at $1,400.

Pierluigi Paganini

(Security Affairs –  Dark Web, stolen data)


you might also like

leave a comment