Business is booming on the Dark Web according to Dell SecureWorks's annual report that examined current and emerging trends in the underground hacker marketplace. The cyber security company's third annual Underground Hacker Markets Report says, hackers are increasingly operating as regular businesses with many advertising themselves as "honest, trustworthy and professional," and offering a variety of illicit goods and services on the cheap.
According to the Dell report, released on 5 April, the information was gathered by two intelligence analysts from the company's CISO INTEL Team, who tracked hackers on various forums and marketplaces across the globe, particularly the Russian underground and English-speaking marketplaces, to provide "a small window into the world cybercriminals occupy." With most cybercrime goods and services freely available, Dell found that the going price for someone to hack into your email account or buy your digital identity is getting cheaper. Stolen bank account credentials, passports, social media hacking and other services tend to fetch higher prices and prices are steadily rising.
"Like any other market in a capitalist system, the business of cybercrime is guided by the supply and demand for various goods and services," the report's authors wrote. "Unfortunately for the law abiding public, both sides of that equation remain strong, with everything from credit cards to hacker-for-hire services being sold online."
Security analysts found that hackers are offering to steal personal emails from US-based email accounts including Gmail, Yahoo or Hotmail for just $129 (£92). Hacking into someone's corporate email account will cost $500 per mail box. Breaking into popular Russian email accounts, however, will cost between $65 and $105. If someone is looking to hack the IP address of a computer user, it will cost them another $90.
Hacking into social media accounts was also included in the list of illicit services where breaking into a US-based Facebook and Twitter account will cost $129. The price jumps again to break into popular social websites in Russia such as VR.ru and Ok.ru, costing $194.
Prices for a Remote Access Trojan (RAT) — a malware program that allows cybercriminals to secretly control your computer remotely — are dirt cheap, going for as little as $5 to $10. An Angler Exploit Kit, on the other hand, costs between $100 and $135. DDoS attacks are usually charged by the hour, day or week and range from $5 to $555. Doxing goes for $20. Hacking tutorials are also available for purchase online for criminals on a budget and goes for as little as $20-$40.
One of the most popular items on the underground market this year is the upgraded ATM "skimmer" — hidden electronics that steal personal data stored on your debit or credit card's magnetic stripe. These devices are priced at $1,775 with new 3D printed versions coming out as well.
On the Russian underground, "full business dossiers" on companies located within the country are also available for purchase and include credentials associated with the company's bank accounts including account numbers, logins, passwords and more.
"Our security experts had never seen a full business dossier being sold for any companies, much less for Russian organizations. What could one do with this type information besides potentially siphon off all the money in the company's bank accounts? Well, the possibilities are extensive," Dell said.
To compete and guarantee "customer satisfaction," hackers are increasingly focusing on salesmanship to please customers. Dell says one ad offered "free-trial attacks" and "abilities" while other hackers are expanding their work hours to include weekends and even boast of 24/7 customer service.
Dell's report comes amid rising concerns by governments and law-enforcement officials about the growing threat of cybercrime and cyberterrorism. It also highlights the frightening potential for anyone with internet access and money to create fear and chaos by disrupting critical networks and infrastructure.