Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hackers Will Break Into Email, Social Media Accounts for Just $129

Hiring a hacker to compromise an account with a popular email or social media service will cost you just $129, according to a new report from Dell SecureWorks on underground hacker markets.

Hiring a hacker to compromise an account with a popular email or social media service will cost you just $129, according to a new report from Dell SecureWorks on underground hacker markets.

By keeping an eye on the cybercrime underground between the third quarter of 2015 and the first quarter of this year, Dell researchers managed to analyze the prices of various stolen data and hacking services. Not surprising, Dell says almost any type of data or cybercriminal service is available for sale: credit card data, online banking accounts, malware, hacking services, tutorials, online payment accounts, hotel points, and the like.

According to Dell’s new report (PDF) on the underground hacker market, those interested in hiring a hacker to compromise a Gmail, Hotmail, or Yahoo account only have to pay $129 for the service. Popular U.S. social media and Ukrainian email accounts are priced the same, popular Russian email accounts range between $65 and $103, while Russian social media accounts are priced higher, at $194.

Prices of Cybercrime ServicesHackers also offer to compromise corporate email accounts, and ask $500 per business mailbox, the report reveals. What’s also interesting, is that hackers are providing customer support, they do not ask for prepayments, promise fast results (depending on the complexity of the hack) and promise complete confidentiality, saying that victims won’t noticed they’ve been hacked.

Prices for Remote Access Trojans (RATs) dropped significantly over the past three years, down from $50-$250 in 2013, to only $5-$10 in 2015. Dell’s researchers also discovered that the Angler Exploit Kit is available for $100-$135, and that the price for “Crypters” went up significantly, reaching $80-$440, compared to 2014, when this type of malware went for only $50-$150.

Hacking tutorials are up for sale for between $20 and $40, for multiple tutorials, while doxing services cost only $19.99 (down from up to $100 a year ago). While hacking a website (stealing data) costs $350, distributed denial of service (DDoS) attacks can be hired for as low as $5 per hour, $200 per week, or $1,000 per month, with the price being higher if the website has anti-DDoS protection installed.

The price for credit card data mostly went up over the past three years, with U.S. Visa and MasterCard being at the bottom, priced at $7, and Premium Visa and MasterCard with Track 1 and 2 Data going for as much as $80 for Japan and Asia, or $60 for the EU and UK. Visa Classic and MasterCard Standard in Japan and Asia are also the most expensive across regions, at $50.

Bank account credentials are being sold for a very small percentage of their balance, though prices differ based on region. US bank accounts, for example, cost between $40 (for a $1,000 balance) and $500 (a $15,000 balance), EU bank accounts cost $400, with no balance listed, while Australian ones cost between $2,250 (a $22,000 balance) and $3,800 (a $62,567 balance).

For high quality bank accounts with verified, large balances of $70,000 – $150,000, hackers charge 6 percent of the balance. Hackers charge a pricey fee for transferring funds from popular online payment accounts, as much as $950 for transferring $3,799, or up to $600 for popular US online payment account credentials with a $950 balance.

Airline and hotel points can also be purchased in these underground black markets. Based on the number of points in account, large U.S. airline points accounts priced as high as $450 for 1,500,000 points, and large Middle East airline points accounts priced at $150 for 500,000 points. A large international hotel chain points account with 1,000,000 points cost just $200, the report reveals.

Another interesting item available for purchase on the Russian underground is “full business dossiers” on companies located within the Russian Federation, Dell said. With prices ranging from 40,000 ($547) to 60,000 rubles ($822), these dossiers include credentials associated with a company’s various bank accounts, namely account numbers, logins, passwords, tokens, and the like.

“Our security experts had never seen a full business dossier being sold for any companies, much less for Russian organizations. What could one do with this type information besides potentially siphon off all the money in the company’s bank accounts? Well, the possibilities are extensive. If the company has good credit, there is certainly the potential for those possessing this data to apply for hefty bank loans, high-limit credit cards, car loans and other lines of credit,” Dell says.

Related: Zerodium Publishes Prices for Zero-Day Exploits

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.