Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hackers Will Break Into Email, Social Media Accounts for Just $129

Hiring a hacker to compromise an account with a popular email or social media service will cost you just $129, according to a new report from Dell SecureWorks on underground hacker markets.

Hiring a hacker to compromise an account with a popular email or social media service will cost you just $129, according to a new report from Dell SecureWorks on underground hacker markets.

By keeping an eye on the cybercrime underground between the third quarter of 2015 and the first quarter of this year, Dell researchers managed to analyze the prices of various stolen data and hacking services. Not surprising, Dell says almost any type of data or cybercriminal service is available for sale: credit card data, online banking accounts, malware, hacking services, tutorials, online payment accounts, hotel points, and the like.

According to Dell’s new report (PDF) on the underground hacker market, those interested in hiring a hacker to compromise a Gmail, Hotmail, or Yahoo account only have to pay $129 for the service. Popular U.S. social media and Ukrainian email accounts are priced the same, popular Russian email accounts range between $65 and $103, while Russian social media accounts are priced higher, at $194.

Prices of Cybercrime ServicesHackers also offer to compromise corporate email accounts, and ask $500 per business mailbox, the report reveals. What’s also interesting, is that hackers are providing customer support, they do not ask for prepayments, promise fast results (depending on the complexity of the hack) and promise complete confidentiality, saying that victims won’t noticed they’ve been hacked.

Prices for Remote Access Trojans (RATs) dropped significantly over the past three years, down from $50-$250 in 2013, to only $5-$10 in 2015. Dell’s researchers also discovered that the Angler Exploit Kit is available for $100-$135, and that the price for “Crypters” went up significantly, reaching $80-$440, compared to 2014, when this type of malware went for only $50-$150.

Hacking tutorials are up for sale for between $20 and $40, for multiple tutorials, while doxing services cost only $19.99 (down from up to $100 a year ago). While hacking a website (stealing data) costs $350, distributed denial of service (DDoS) attacks can be hired for as low as $5 per hour, $200 per week, or $1,000 per month, with the price being higher if the website has anti-DDoS protection installed.

The price for credit card data mostly went up over the past three years, with U.S. Visa and MasterCard being at the bottom, priced at $7, and Premium Visa and MasterCard with Track 1 and 2 Data going for as much as $80 for Japan and Asia, or $60 for the EU and UK. Visa Classic and MasterCard Standard in Japan and Asia are also the most expensive across regions, at $50.

Bank account credentials are being sold for a very small percentage of their balance, though prices differ based on region. US bank accounts, for example, cost between $40 (for a $1,000 balance) and $500 (a $15,000 balance), EU bank accounts cost $400, with no balance listed, while Australian ones cost between $2,250 (a $22,000 balance) and $3,800 (a $62,567 balance).

For high quality bank accounts with verified, large balances of $70,000 – $150,000, hackers charge 6 percent of the balance. Hackers charge a pricey fee for transferring funds from popular online payment accounts, as much as $950 for transferring $3,799, or up to $600 for popular US online payment account credentials with a $950 balance.

Advertisement. Scroll to continue reading.

Airline and hotel points can also be purchased in these underground black markets. Based on the number of points in account, large U.S. airline points accounts priced as high as $450 for 1,500,000 points, and large Middle East airline points accounts priced at $150 for 500,000 points. A large international hotel chain points account with 1,000,000 points cost just $200, the report reveals.

Another interesting item available for purchase on the Russian underground is “full business dossiers” on companies located within the Russian Federation, Dell said. With prices ranging from 40,000 ($547) to 60,000 rubles ($822), these dossiers include credentials associated with a company’s various bank accounts, namely account numbers, logins, passwords, tokens, and the like.

“Our security experts had never seen a full business dossier being sold for any companies, much less for Russian organizations. What could one do with this type information besides potentially siphon off all the money in the company’s bank accounts? Well, the possibilities are extensive. If the company has good credit, there is certainly the potential for those possessing this data to apply for hefty bank loans, high-limit credit cards, car loans and other lines of credit,” Dell says.

Related: Zerodium Publishes Prices for Zero-Day Exploits

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.