How the hacker economy works
Information Week has published a great article on how the "hacker economy" works. At once it is necessary to make a reservation that the word “hacker” is used there as a synonym for the word “computer criminal, hacker”. Although in a broad sense, the word "hacker" has rather a positive meaning .
According to the FBI, especially dangerous hacker groups were formed in Eastern Europe, that is, in Belarus, Russia, Romania and other countries in the region. The cybercrime unit grew in size to the third in the FBI, second only to counter-terrorism and intelligence units. “We have to deal with hackers who hack machines and search for [private] information for subsequent sale,” says special agent Chris Stangl of the FBI.
Making a complete picture of the hacker economy is not at all easy, because it is carefully hidden from prying eyes. Few members of the criminal community agree to share information. However, there is some reliable information on this.
For example, among Russian hackers, extortion is a very common technique. Hackers get into the system and encrypt some important files, and then contact the owners of the company with a proposal to buy a password for the archive.
')
But real professionals do not do this on an ongoing basis, because extortion is too risky - it requires a direct financial transfer from the victim to the criminal. It’s much safer to sell stolen information on the black market. On the Internet you can find sites where credit cards with verification codes are sold and bought. It is rumored that some hackers earn half a million dollars a year by trading in such information.
Credit cards are usually sold in bulk. The fact is that there is a high probability of fraud (blocking a transaction), so if the card is blocked, then you can immediately use another one. Prices start at $ 1 per card and are highly dependent on its freshness. Recently stolen cards are more expensive.
Credit card thieves call themselves "carders." It is they who buy such information in order to order goods on someone else’s cards in online stores. Purchase and sale of credit cards occurs in IRC chat rooms, as well as on closed and open forums such as CardersMarket and Carder.info , and sometimes lots even pop up at official auctions. The most experienced hackers enter only private, encrypted, password-protected IRC chat rooms.
At one of the carding trading forums of CardingWorld.cc , more than 100,000 published messages from 13,000 registered users have already accumulated, most of which speak Russian. On this site, you can buy information from the Bank of America and Fidelity Bank servers, as well as PayPal accounts and secure money transfer / cashing services. The site TalkCash.net is a list of "threw" and "honest traders."
The average lifetime of such sites is about six months. When the site is "lit", carders move to a new location.
Black market prices
Trojan programs: from $ 980 to $ 4900
Credit card with verification code: $ 490
Birth Certificate: $ 147
Driving license: $ 147
Social Security Card: $ 98
Credit card number with security code and expiration date: from $ 6 to $ 24
PayPal account and password to it : $ 6
Cardholder's billing information, including account number, address, social security number, home address and date of birth: from $ 78 to $ 294
Cybercriminals use anonymous payment systems to transfer money, such as PayPal and e-gold. Sometimes transfers are made through Western Union. All this is a rather risky operation, because under US law, banks must report on all transfers in excess of $ 10,000. But this restriction can be circumvented by splitting the transfer into several parts or paying for other goods.
Another liquid commodity in the hacker economy is malicious software, including viruses, worms, and Trojans. The so-called exploits allow you to use holes in the software and penetrate into other systems. According to experts, the exploit industry works as well as the official software industry. Exploit “providers” buy exploit code from representatives of the underground, scramble it to protect it from pirates, and sell a “packaged” exploit. It can then be used to create a new or expand an existing botnet .
In December 2006, an exploit for the Windows Vista operating system was sold on the Romanian forum for $ 50,000. This is the normal price for an “zero day” exploit that uses a hole that is not yet known to computer security experts. Hackers go one step ahead of the official "specialists" - this is not surprising. According to some experts, the total turnover of the hacker economy exceeds the total revenues of all computer security companies combined.
Malicious software has recently become more and more sophisticated. According to the Anti-Phishing Working Group, only in December last year, 340 new variants of keyloggers and Trojans were discovered: this is an absolute record over the entire measurement period.
According to the FBI, especially dangerous hacker groups were formed in Eastern Europe, that is, in Belarus, Russia, Romania and other countries in the region. The cybercrime unit grew in size to the third in the FBI, second only to counter-terrorism and intelligence units. “We have to deal with hackers who hack machines and search for [private] information for subsequent sale,” says special agent Chris Stangl of the FBI.
Making a complete picture of the hacker economy is not at all easy, because it is carefully hidden from prying eyes. Few members of the criminal community agree to share information. However, there is some reliable information on this.
For example, among Russian hackers, extortion is a very common technique. Hackers get into the system and encrypt some important files, and then contact the owners of the company with a proposal to buy a password for the archive.
')
But real professionals do not do this on an ongoing basis, because extortion is too risky - it requires a direct financial transfer from the victim to the criminal. It’s much safer to sell stolen information on the black market. On the Internet you can find sites where credit cards with verification codes are sold and bought. It is rumored that some hackers earn half a million dollars a year by trading in such information.
Credit cards are usually sold in bulk. The fact is that there is a high probability of fraud (blocking a transaction), so if the card is blocked, then you can immediately use another one. Prices start at $ 1 per card and are highly dependent on its freshness. Recently stolen cards are more expensive.
Credit card thieves call themselves "carders." It is they who buy such information in order to order goods on someone else’s cards in online stores. Purchase and sale of credit cards occurs in IRC chat rooms, as well as on closed and open forums such as CardersMarket and Carder.info , and sometimes lots even pop up at official auctions. The most experienced hackers enter only private, encrypted, password-protected IRC chat rooms.
At one of the carding trading forums of CardingWorld.cc , more than 100,000 published messages from 13,000 registered users have already accumulated, most of which speak Russian. On this site, you can buy information from the Bank of America and Fidelity Bank servers, as well as PayPal accounts and secure money transfer / cashing services. The site TalkCash.net is a list of "threw" and "honest traders."
The average lifetime of such sites is about six months. When the site is "lit", carders move to a new location.
Black market prices
Trojan programs: from $ 980 to $ 4900
Credit card with verification code: $ 490
Birth Certificate: $ 147
Driving license: $ 147
Social Security Card: $ 98
Credit card number with security code and expiration date: from $ 6 to $ 24
PayPal account and password to it : $ 6
Cardholder's billing information, including account number, address, social security number, home address and date of birth: from $ 78 to $ 294
Cybercriminals use anonymous payment systems to transfer money, such as PayPal and e-gold. Sometimes transfers are made through Western Union. All this is a rather risky operation, because under US law, banks must report on all transfers in excess of $ 10,000. But this restriction can be circumvented by splitting the transfer into several parts or paying for other goods.
Another liquid commodity in the hacker economy is malicious software, including viruses, worms, and Trojans. The so-called exploits allow you to use holes in the software and penetrate into other systems. According to experts, the exploit industry works as well as the official software industry. Exploit “providers” buy exploit code from representatives of the underground, scramble it to protect it from pirates, and sell a “packaged” exploit. It can then be used to create a new or expand an existing botnet .
In December 2006, an exploit for the Windows Vista operating system was sold on the Romanian forum for $ 50,000. This is the normal price for an “zero day” exploit that uses a hole that is not yet known to computer security experts. Hackers go one step ahead of the official "specialists" - this is not surprising. According to some experts, the total turnover of the hacker economy exceeds the total revenues of all computer security companies combined.
Malicious software has recently become more and more sophisticated. According to the Anti-Phishing Working Group, only in December last year, 340 new variants of keyloggers and Trojans were discovered: this is an absolute record over the entire measurement period.
Source: https://habr.com/ru/post/5054/
All Articles