Financial data stolen by hackers is now abundantly presented on the black market and sold quite cheaply. So, credit card numbers with CVV-codes can be bought for $ 10-20, and archives with personal data cost from $ 25.
Recently, a group of cybersecurity researchers published a new report that cites the hackers' current pricing for a variety of services, including the buy credit card numbers deep web, fake documents, DDoS attacks, and identity theft. The study was conducted by Joe Stewart of Dell SecureWorks and independent expert David Shear.
The main conclusion of the study is that stolen personal data and cyber attacks are much cheaper than many people think. Experts also note that since the previous study in 2011, the situation in the "underground hacker market" has not changed much, and prices for some services have even fallen. In particular, it is now cheaper to purchase data from online bank accounts and archives with full personal data.
Archives typically include personal data such as a person's full name, address, phone numbers, email addresses, date of birth, social security number, and some banking information, such as a login from online banking. If earlier such archives were sold on the black market for $ 40-60, now their price has dropped to about $ 25 in the US and $ 30-40 abroad, the researchers note. The main reason for this drop in prices is a significant increase in supply. Today, there are many more stolen card numbers and other personal data available to buy credit card numbers on the black market.
At the same time, bank card numbers themselves (including CVV codes) are sold very cheaply. So, buying credit card numbers deep web cost about $ 10 and below, and for an additional fee you can get data from the magnetic stripe of the card. Cards from other countries are sold more expensive buying credit card numbers deep web - about $ 20. In general, foreign data from stolen bank cards, accounts, and other financial information is almost always noticeably more expensive compared to the same data for banks in the U.S. The researchers do not explain what caused this.
It is also very inexpensive to buy stolen credit card numbers online an online bank account. Such information for accounts with a balance of $ 70 thousand to $ 150 thousand costs about $ 300 or cheaper, depending on the bank and country.
In addition, access to botnets is also inexpensive. So, for the management of a network of 1 thousand computers infected with malware, you need to pay about $ 20. For 15 thousand bot machines, the price is $ 250.
Thanks to the Internet, the world has become global, so the problems that banks have in Europe or the United States. "For fraudsters, the most interesting are those data of bank customers that can be monetized with minimal risk, taking into account the peculiarities of local legislation and police practice. The proliferation of botnets – networks of virus-infected computers managed from a single hub – has made it possible to automatically collect certain categories of data, such as card details used to pay in online stores. At the same time, the mass introduction of 3D Secure secure shopping technology and SMS information have significantly reduced the value of this data, since in most cases an unauthorised operation on such cards can be carried out only once, "the expert said.
"Accounts to the RBS systems of individuals also in the general case do not represent significant value for fraudsters, since banks usually require confirmation of money transfer operations with additional one-time codes. In the case of atypical operations for the client or exceeding the established limit on transfer, bank risk monitoring systems postpone the execution of such transactions until confirmation is received from the client in a way that is not related to the use of RBS systems, for example, through a client manager. Opening bank accounts – and without this it is impossible to buy stolen credit card numbers online – is well monitored by law enforcement agencies if necessary. That is why the data that is available via the Internet is so cheap – it is impossible or unsafe to effectively monetize," explained David Scott.