Researchers Go Inside Illegal Underground Hacking Markets

Researchers at Dell SecureWorks have looked at services and pricing available inside illegal online marketplaces selling crimeware, stolen identities, credit cards, and hacking services.

Underground hacker markets are peddling complete kits to create new identities, elevating in-person fraud scams a tier closer to credit card theft and fraud.

Researchers at Dell SecureWorks released an update to 2013 research on black hat markets, noticing a number of noteworthy trends beyond the theft of personal credentials such as passports, driver’s licenses, working Social Security numbers and even utility bills as a second form of authentication.

Hacking and crimeware services, for example, continue to mimic legitimate business practices by not only selling services, but also tutorials, notably how-tos on cashing out credit cards, bank transfers, basic carding, basic phishing and many more, Dell SecureWorks researchers Joe Stewart and David Shear wrote in their report.

Criminal gangs are also marketing their services, differentiating themselves based on respective service levels and guarantees on stolen data.

“It is apparent that the underground hackers are monetizing every piece of data they can steal or buy and are continually adding services so other scammers can successfully carry out online and in-person fraud,” the report said.

That doesn’t mean criminals operating online have abandoned the long-profitable stolen credit card as a revenue stream. Premium cards, including fullz, have gone up in price by an average of $5 from 2013, selling at about $30. Fullz is hacker slang for a full collection of stolen credentials, including name, address, phone number, email addresses, dates of birth, Social Security numbers, bank account numbers, credit card numbers and banking credentials.

While the price of individual credit card numbers remains flat or has dropped from last year, the price for fullz on a U.S. victim is up to $30, while U.K., Australia, Canada, EU and Asia fullz are up to as high as $45 per record.

Premium MasterCard and Visa cards that work worldwide and include Track 1 and 2 data are selling for $35 and $23 respectively, Dell SecureWorks said. Premium cards are classified Black, Platinum, Gold and others by credit card companies. Dell researchers said the number of data breaches has made cards plentiful on the underground, yet prices have not deflated, in particular for non-U.S. cards. One underground site, Dell SecureWorks said, claimed to possess 14 million U.S. cards, 294,000 from Brazil and 342,000 from around the world.

While online fraud remains a constant, identity kits, Dell SecureWorks said, are being used for in-person scams, including loan applications, check fraud and more. A new identity, which includes a scan of a working Social Security card, name and address, nets $250 underground; the valid utility bill will cost you an extra $100, Dell SecureWorks said. A counterfeit non-U.S. passport, meanwhile, can fetch as much as $500.

Training tutorials, on the other hand, run the gamut from basic instruction on selling stolen credit cards to others on running exploit kits, spam, phishing and DDoS campaigns.

“These tutorials not only explain what a Crypter, Remote Access Trojan (RAT) and exploit kit is but also how they are used, which are the most popular, and what hackers should pay for these hacker tools,” the report said.

Many of these services also come with “satisfaction guarantees,” Shear and Stewart said. Carders are in some cases offering 100 percent guarantees that stolen cards are still valid and have not been canceled. “All dead ones will be replaced,” the report quotes the site.

Malware continues to sell well in the underground, Dell SecureWorks said. Remote access Trojans are selling for less than last year, however, ranging from $20 to $50 for notorious RATs such as DarkComet, down considerably from as high as $250 a year ago. A number of free RATs have flooded the market, Dell SecureWorks said, deflating prices.

“Hackers are looking for a RAT that is easily available for purchase or to use for free and which they can run through a Crypter (a program which encrypts malware, making it FUD or fully undetectable to Anti-Virus and Anti-Malware programs),” the report said.

As for exploit kits, Nuclear and Sweet Orange seem to fetch the best prices with Sweet Orange going for $450 for a weekly lease to as high as $1,800 for a month.

Discussion

  • AB on

    If you removed 70% of the "Dell SecureWorks said" phrases, you'd have a far tighter article.
    • mr.sniffles on

      Yeah, I wonder how many of the so-called experts at SecureWorks are really experts. By experts meaning taking security certification, getting computer science degree do not qualify them as experts, I consider them as test takers, googlers and researchers. Real experts in my opinion are hackers that have been in the underground for years. I believe this person report any day than these so-called experts.