In 2020 well-known corporations and organizations such as NASA, McDonald’s, Microsoft, T-Mobile, Lockheed Martin, and even cybersecurity companies FireEye and SolarWinds became the victims of data breaches.
You’ve probably seen news feeds full of such headlines more than once, but where does all that stolen information go next? Of course, it goes on the darknet.
Darknet (also known as «The Hidden Network»; «The Dark Network»; «The Shadow Network»; «The Dark Web») is a hidden network whose connections are established only between trusted peers, sometimes referred to as «friends» using non-standard protocols and ports. An anonymous network is a system of unconnected virtual tunnels that provide encrypted transmission of data.
Privacy Affairs experts released another dark web market study that answers how much your personal information is worth and why you should protect it. The data reflects data from Sept. 9, 2021.
For a recap of how things were last year, click here.
What is for sale on the darknet?
Your personal information, including your name, email address, credit card numbers, online bank logins, can be bought for a few dollars. But crypto-accounts and passports of the European Union will cost from $ 400 to $ 6500.
As for trends, Privacy Affairs has identified six major popular selling points:
- Cloned credit cards and cardholder data
- Payment processing services such as PayPal, Western Union accounts
- Cryptocurrency accounts
- Social media accounts
- Fake documents – scans and physical
- Email databases
Research has shown that the amount of data leaked on the darknet has increased significantly compared to last year. Fake IDs and credit card numbers are especially popular. The number and the variety of items to buy, such as hacked cryptocurrency accounts and web services, have increased.
What’s interesting is that darknet sales begin to parody traditional markets, offering to buy two cloned credit cards and get one for free. Sellers are also looking to reduce the likelihood of detection and tracking by law enforcement. For this reason, they have begun rejecting Bitcoin (BTC) because it is «insecure.» Therefore, sellers require buyers to use Monero as payment and communicate only through PGP encryption.
To further illustrate the prosperity of this market, below is a snapshot of the seller’s profile with buyer ratings. This fake ID seller, according to Privacy Affairs, registers sales every day:
Credit Card Data
Despite an increase in supply, the price of cloned credit cards and related data has gone up in price compared to last year. This is can be due to several factors: increased risk of getting the information, increased customer benefit from the information, improved quality/accuracy of card data, or just good old-fashioned inflation.
Sellers of stolen credit cards typically offer an 80% guarantee, which means that two out of every ten cards are either inaccurate or have a balance less than stated.
- A cloned Mastercard with a PIN for $25
- A cloned VISA card with a PIN for $25
- Cloned American Express with a PIN for $35
- Credit card data account balance up to $1,000 for $150
- Credit card data account balance up to $5,000 for $240
- Stolen online banking logins, $100 minimum account balance for $40
- Stolen online banking logins, minimum $2,000 in account for $120
- Walmart account with a credit card attached for $14
Hacked crypto accounts are one of the most desirable items to buy. Due to the skyrocketing prices of bitcoin and other cryptocurrencies, hacked accounts can hold large amounts of money. And often these wallets are poorly protected.
The high value of accounts combined with the abundance of BTC ATMs for anonymous cashing makes cryptocurrency accounts a very valuable target for hackers.
- Hacked verified Coinbase account – $610
- Verified LocalBitcoins account – $350
- Verified Crypto.com account – $300
- Verified Coinfield.com account – $410
- Verified account Kraken – $810
- Verified Cex.io account – $710
- Verified Blockchain.com account – $310
- Verified Binance account – $410
Prices for hacked social media accounts are dropping on all platforms. In addition, offers to hack specific accounts or sell them were relatively rare but still encountered. The value of purchased social activity (likes, followers) has also dropped.
- Hacked Facebook account – $65
- Hacked Instagram account – $45
- Hacked Twitter account – $35
- Hacked Gmail account – $80
- Instagram subscribers x 1000 – $5
- Spotify subscribers x 1000 – $2
- Twitch subscribers x 1000 – $5
- LinkedIn subscribers x 1000 – $12
- Pinterest subscribers x 1000 – $4
- Soundcloud retweets x 1000 – $1
- Twitter retweets x 1000 – $25
- Instagram likes x 1000 – $6
Fake documents can be purchased both as digital scans and as physical documents. Such documents are provided with several warranties and with any details the buyer needs. With a little bit of real information about someone, a criminal can create a range of official documents.
Scans of documents with selfies are another valuable acquisition, as they can be used for SIM card spoofing attacks or requests for access to personal data.
- Alberta Canada driver’s license (scan) – $32
- Minnesota driver’s license – $20
- Utility bill templates – $39+
- US business check templates – $15
- NSW (Australia) driver’s license – $20
- Russian passport scan – $100
- New York driver’s license – $80
- US selfies with an ID card – $100
- Valid US Social Security number – $2
As for fake passports, prices range from $1500 to $6500.
The malware gives hackers full access to a device then it can be used to hijack computer resources with ransomware or to steal user information.
The most common ways to introduce malware are through fake online casinos, social networks, fake websites, etc. For every 1,000 installations, hackers can steal tens of thousands of dollars.
According to Privacy Affairs, prices for some «items» fluctuate compared to last year:
A DDoS (Denial of Service) attack aims to shut down a website by sending thousands of requests per second to overload a website’s server and cause it to crash. Typically, these attacks do not steal information, but they are used to take down a site or conceal other hacking activities.
Why this information is important
You may say that information about the darknet marketplace does not provide useful information for the average person. It provides insight into how valuable your data is and how cheaply you can be exploited.
We often read horror stories about unsuspecting victims losing their savings, yet we’re pretty sure this will never happen to us. There is nothing reliable – we are all already hacked by default, following the zero-trust principle. Thus, anyone, anytime, can steal your data. The sad truth is that with the growing supply of personal information on the darknet, the likelihood and frequency of destructive hacks increase every day. But! You can make it very difficult for cybercriminals, thereby increasing their labor costs and decreasing their interest in your information.
How to protect yourself from data theft
- Avoid public Wi-Fi
Avoid public or insecure Wi-Fi connections. If you need to log in to an account on a network you don’t trust, such as a coffee shop, use a VPN to encrypt all connections.
- Use secure ATM habits
Check for skimmers on your ATM. Skimmers are devices installed over an ATM (often exact replicas of a card reader) to read your card and send your information to a hacker.
- Keep your information confidential
Don’t give out confidential information over the phone to anyone. If at all possible, do it in person.
- Use anti-malware software
Use anti-virus software such as AVG on your personal computer to scan for malware and make sure that it is set to update automatically.
- Keep accounts and passwords secure
Never reuse the same password for multiple accounts. That is the easiest way for a hacker to gain access to your accounts. Also, delete those you no longer use. Old accounts can be compromised and used for password resets or similar attacks.
These rules may seem complicated and burdensome, but once you get used to following them, they become as natural and vital to you as brushing your teeth and washing your hands. This way, you develop a «sense» of cybersecurity both in the digital space and in everyday life.