McAfee study on the prices of stolen data on the Dark Web

You know my passion for the Dark Web, I spend a lot of time monitoring activities in the hidden part of the web with a particular interest in illegal activities that exploit anonymity of such environment.

Today I have found the announcement of a new report, titled “The Hidden Data Economy,” published by the experts at McAfee Labs that have identified a number of websites and services in the Dark Web used by the criminal communities for the commercialization of stolen data.

First of all, we have to understand which kind of commodities offered in the criminal underground were monitored by the team of experts.

The researchers from McAfee Labs monitored pricing for stolen payment card data, bank account and online payment service login credentials, premium content service login credentials, enterprise network login credentials, hospitality loyalty account login credentials, and online auction account login credentials.

A dangerous trend that is confirmed is the propensity to the model of sale known as cybercrime-as-a-service. The term Cybercrime-as-a-Service refers the practice in the cyber criminal ecosystem to provide product and services for use by other criminals. In September 2014, a report from Europol’s European Cybercrime Centre (EC3), the 2014 Internet Organised Crime Threat Assessment (iOCTA) report, revealed the diffusion of the business model in the underground communities and highlighted that barriers to entry in cybercrime ring are being lowered even if criminal gangs have no specific technical skills.

For example, criminals can rent a botnet of machines for their illegal activities, instead to infect thousands of machines worldwide. These malicious infrastructures are built with a few requirements that make them suitable for the criminals, including User-friendly Command and Control infrastructure and sophisticated evasion techniques.

“Like any unregulated, efficient economy, the cybercrime ecosystem has quickly evolved to deliver many tools and services to anyone aspiring to criminal behavior,” said Raj Samani, CTO for Intel Security EMEA. “This ‘cybercrime-as-a-service’ marketplace has been a primary driver for the explosion in the size, frequency and severity of cyber attacks. The same can be said for the proliferation of business models established to sell stolen data and make cybercrime pay.”

Stolen Payment card data is one of the most traded commodities in the underground. According experts at McAfee, a basic offering includes a software-generated, valid number that combines a primary account number (PAN), an expiration date and a CVV2 number.

In line with the information provided by other reports, prices rise when sellers include also additional information with the stolen card data. “Fullzinfo” includes bank account ID number, date of birth, victim’s billing address, PIN number, social security number, and other information like parent’s maiden name.

“A criminal in possession of the digital equivalent of the physical card can make purchases or withdrawals until the victim contacts the card issuer and challenge the charges,” continued Samani. “Provide that criminal with extensive personal information which can be used to ‘verify’ the identity of a card holder, or worse yet allow the thief to access the account and change the information, and the potential for extensive financial harm goes up dramatically for the individual.”