Hiring a hacker to compromise an account with a popular email or social media service will cost you just $129, according to a new report from Dell SecureWorks on underground hacker markets.
By keeping an eye on the cybercrime underground between the third quarter of 2015 and the first quarter of this year, Dell researchers managed to analyze the prices of various stolen data and hacking services. Not surprising, Dell says almost any type of data or cybercriminal service is available for sale: credit card data, online banking accounts, malware, hacking services, tutorials, online payment accounts, hotel points, and the like.
According to Dell’s new report (PDF) on the underground hacker market, those interested in hiring a hacker to compromise a Gmail, Hotmail, or Yahoo account only have to pay $129 for the service. Popular U.S. social media and Ukrainian email accounts are priced the same, popular Russian email accounts range between $65 and $103, while Russian social media accounts are priced higher, at $194.
Hackers also offer to compromise corporate email accounts, and ask $500 per business mailbox, the report reveals. What’s also interesting, is that hackers are providing customer support, they do not ask for prepayments, promise fast results (depending on the complexity of the hack) and promise complete confidentiality, saying that victims won’t noticed they’ve been hacked.
Prices for Remote Access Trojans (RATs) dropped significantly over the past three years, down from $50-$250 in 2013, to only $5-$10 in 2015. Dell’s researchers also discovered that the Angler Exploit Kit is available for $100-$135, and that the price for “Crypters” went up significantly, reaching $80-$440, compared to 2014, when this type of malware went for only $50-$150.
Hacking tutorials are up for sale for between $20 and $40, for multiple tutorials, while doxing services cost only $19.99 (down from up to $100 a year ago). While hacking a website (stealing data) costs $350, distributed denial of service (DDoS) attacks can be hired for as low as $5 per hour, $200 per week, or $1,000 per month, with the price being higher if the website has anti-DDoS protection installed.
The price for credit card data mostly went up over the past three years, with U.S. Visa and MasterCard being at the bottom, priced at $7, and Premium Visa and MasterCard with Track 1 and 2 Data going for as much as $80 for Japan and Asia, or $60 for the EU and UK. Visa Classic and MasterCard Standard in Japan and Asia are also the most expensive across regions, at $50.
Bank account credentials are being sold for a very small percentage of their balance, though prices differ based on region. US bank accounts, for example, cost between $40 (for a $1,000 balance) and $500 (a $15,000 balance), EU bank accounts cost $400, with no balance listed, while Australian ones cost between $2,250 (a $22,000 balance) and $3,800 (a $62,567 balance).
For high quality bank accounts with verified, large balances of $70,000 – $150,000, hackers charge 6 percent of the balance. Hackers charge a pricey fee for transferring funds from popular online payment accounts, as much as $950 for transferring $3,799, or up to $600 for popular US online payment account credentials with a $950 balance.
Airline and hotel points can also be purchased in these underground black markets. Based on the number of points in account, large U.S. airline points accounts priced as high as $450 for 1,500,000 points, and large Middle East airline points accounts priced at $150 for 500,000 points. A large international hotel chain points account with 1,000,000 points cost just $200, the report reveals.
Another interesting item available for purchase on the Russian underground is “full business dossiers” on companies located within the Russian Federation, Dell said. With prices ranging from 40,000 ($547) to 60,000 rubles ($822), these dossiers include credentials associated with a company’s various bank accounts, namely account numbers, logins, passwords, tokens, and the like.
“Our security experts had never seen a full business dossier being sold for any companies, much less for Russian organizations. What could one do with this type information besides potentially siphon off all the money in the company’s bank accounts? Well, the possibilities are extensive. If the company has good credit, there is certainly the potential for those possessing this data to apply for hefty bank loans, high-limit credit cards, car loans and other lines of credit,” Dell says.