Dell SecureWorks published in November 2013 the results of a remarkable project taken on by its Counter Threat Unit (CTU) Director of Malware Research Joe Stewart and independent Network Security Analyst David Shear: The Underground Hacking Economy is Alive and Well. Their research uncovered an extensive and virile underground market for hackers and digital ne’er-do-wells. The duo listed available bad-guy tools, hacker services, and their associated costs. For example, the ever-popular US Fullz sold for $25 US. That may seem like a lot, but the buyer gets a lot — typically all of the following personally identifiable information about the victim:
- Full name, address, phone numbers, and email addresses (with passwords)
- Date of birth, SSN, or Employee ID Number (EIN)
- Bank account information (account number, routing number, and account type)
- Online banking credentials (varying degrees of completeness)
- Credit-card information (including full track 2 data and any associated PINs)
Additional services offered in the hacker markets include:
- Credit/debit cards from around the world
- Infected computers ($20 US buys 1,000 bots)
- Exploit kits
- Hacker services (rent a DDoS attack for $100 US a day)
The Dell SecureWorks CTU had been following hacker markets for several years prior to 2013, allowing them to delineate changes in the underground economy. “In 2011, the CTU saw hackers selling US bank account credentials with balances of $7,000 for $300,” the paper mentions. “Now, we see accounts with balances ranging from $70,000 to $150,000 go for $300 and less, depending on the banking institution where the account is located.”
Why the drop in prices? The paper mentions, “There is no shortage of hackers willing to do about anything, computer related, for money, and they are continually finding ways to monetize personal and business data.”
Fast forward to December 2014
Stewart and Shear are back, and the word in the Dell SecureWorks December 2014 report, Underground Hacker Markets (PDF), is more of the same. “The most significant difference between the current hacker underground markets and those of 2013, is that the markets are booming with counterfeit documents to further enable fraud, including new identity kits, passports, utility bills, social security cards and driver’s licenses,” mentions the 2014 paper. “Of course, these types of documents are required to commit many kinds of in-person fraud, whether it is buying high-end purchases with duplicated credit or debit cards at a retail outlet; applying for bank loans; committing check fraud; or attempting government fraud.”
For the curious, a fake US driver’s license sells for around $150 US, scans of US Social Security cards including name and address go for $250 US, and $100 US adds a utility bill to make the fraud attempt less suspicious.
It seems, in 2014, the digital underground decided there is a market for training aids. Hacker markets already provide services such as DDoS attacks. So, it is not much of a leap to include how-to tutorials, for a fee of course. Stewart and Shear note a manual containing several tutorials sells for $30 US.
Another trend seen by the researchers seemed inevitable. What do businesses do in order to stand out from the crowd? They offer something unique. In the case of the hacker markets, that appears to be guarantees.
Dell SecureWorks ends the report with a list of security precautions companies and individual users should have in place. The following safeguards are the more notable ones:
- Reconcile your banking and credit card statements often against your online banking and/or credit card activity to identify potential anomalies.
- Do not use “trial versions” of antivirus products as your source of protection. Trial versions do not get updates.
- Be cautious about installing software deemed too good to be true, as it likely contains malware.
- Subscribe to a credit monitoring service, and set up alerts to warn you of any changes or credit checks.
As the bad guys get more sophisticated, it seems we must as well.