Cybercrime black market

You may be wondering about the issue of data security with VPN.

But do you know that a European credit card has more value on the cybercrime black market than one from North America? Do you realize that Twitter is one of the favorite tools of communication for hackers that drive the small parallel cybercrime world? Can you believe that more than a quarter of the US adult population, i.e. 64 million American adults had been notified in 2015 alone that their personal data had been breached?

Studies on Cybercrime market
That is what we have learnt from various reports about Markets for Cybercrime Tools released by RAND, a nonprofit entity, specialized in analyzing and research.

A specific 2014 study assesses that the cyber black market as being composed of 70% isolated individuals or small groups, 20 % individuals who are part of criminal organizations , 5% of cyberterrorists , 4% “sponsored by a State players “and only 1% of hacktivists, but not members of Anonymous.
This Rand report estimated 10-20 % hard to find expert players and about 25 % true specialists.” This limited proportion is linked to the emergence in the last years of easier tools, such as Botnets now available for different uses such as mining tools to denial of service types of attack … for much lower prices, ranging from US$50 to several thousand dollars, “depending on the size of the botnet required to carry out the attack.”

Besides, cybercriminals do not hesitate to communicate, even opening some online stores where the customer can adjust its market and generally with currencies, such as Bitcoin. The client and the seller may even be asked to share an account with a webmail for sharing information, without sending e -mail, but recording their communications in a single draft which will be then destroyed.
The most competent hackers are also increasingly cautious with intermediaries who stood between them and the applicants and get specialized in specific fields: banking information, personal health data, etc…

Do you have an idea of the value such stolen data can have: data on a freshly stolen card can be worth between $ 20 and $ 45 per unit. Surprisingly enough, a Twitter account access can be as juicy as some bank account data, due to it is potentially giving access to even more data.

The highest rates are concentrated on the so-called zero-day vulnerabilities, i.e. software flaws that are not corrected. It can reach several thousand dollars for a flaw in a low-scale program and nearly a million dollars if the security issue is serious and affects a large operating system. The average is between 200 and 300 thousand dollars, according to this study.

Some dark sides about this market: critical flaws evaluation also encourages players, such as Google, to increase the rewards for hackers who report previously unknown vulnerabilities.

This black market cybercrime will continue to evolve as a classic economic market. Rand sets some trends related to changing needs, the reliability of the current actors, a wider public access, some hackers getting more specialized and the market’s ability to adapt to an ever changing world (i.e. the Arab Spring in Egypt had an effect of reducing the supply of stolen credit cards … )

Cybercrime Black market: the distribution of roles

To launch a successful phishing attack and to make the most from it, you best need a group with everyone playing a different role. Most of the time, the attackers do not have the skills to carry out all the necessary tasks: so they have to rely on each other to get specialized in a particular field. Some hackers do not have the technical knowledge to operate the software and get into systems. Only a few have the capacities to efficiently automate their scams using sophisticated bots or specialized utilities:

• Spammers – They are in charge of sending phishing e-mail to as many addresses as possible.
• Web Developers – They are responsible for creating malicious websites that resemble legitimate ones.
• Exploiters – These are generally amateur attackers known as “script kiddies”, which identify victim computers (called “roots”) that can be used to host a phishing site, or A relay of spam. In some cases, exploiters will enter credit card databases to collect bank data directly, and avoid the phishing phase completely.
• Cashiers – They will be debiting funds from a compromised credit card or bank account and converting them into cash for the phisher.
• Depositors – They are able to deliver purchased goods with information diverted from a credit card to an unidentifiable delivery point. Goods purchased with the stolen information from a credit card or a bank account, referred to as “carded”.

Black market values

Various products and services are exchanged between phishers and fraudsters. Here is a list of items considered to be of value, of course it is non-exhaustive:

• Credit card numbers – with CVV2 numbers (the 3 or 4 digits on the back of the card) is a plus
• Root or administrative access to servers – pirated servers to which cyber hackers can freely access are generally used to host phishing websites and are often referred to as “roots” by members of these chat rooms and forums
• Email lists – these lists are used to send junk e-mail or being used as targets of a phishing scam.
• Online bank accounts
• Online payment service accounts, such as e-gold. E-gold is popular among cyberescrocs because funds are sent out immediately and are generally not identifiable.
• Western Union accounts – Western Union is popular because funds are sent out immediately and are not identifiable or recoverable.

All these goods are exchanged or sold in the course of unusual online conversations e.g.  via IRC, or online forums. This is where the seller can obtain a “seller” account and run his business. This allows them to post a specific price list for potential buyers. Users give feedback on their experience with fraudulent “sellers”, and thus create a sort of trusted system that discourages potential “scammers”. It is also possible that sellers pay a start-up fee and go through a basic procedure to check their account before they can be allowed to be a seller on a forum dedicated to cybercrime.

The future of cybercrime black market looks flourishing. It is also facilitated by the proliferation of connected devices – with people becoming hyper-connected and the power of social media and mobile phones, which will be increasingly targeted. Online security is an everyday and every moment issue. You computer security is at stake, but all your mobile devices and personal or financial data shall also be protected.

This is why data security with VPN is all the more needed: Le VPN encrypts your Internet connections and keeps private the sites you visit and the information you leave on these sites.

Any information you send will go directly into your secure virtual tunnel. With Le VPN service, you can easily direct your traffic as coming from one of the 120+ available countries. Your computer and your mobile phone or tablet will connect to the Internet from one of these countries and no one can intercept your online business. You will be able to download all the content you want and access even blocked sites, without any trouble. Changing your IP simply through Le VPN service is one of the most important steps to surf the Internet safely and anonymously.

This is how VPN keeps security for all your devices and data. So get the most of data security with VPN.