26 April 2020

FRAUD AND HACKING/HOW-TO GUIDES ARE THE MOST SOLD ITEMS ON THE DARK WEB


Sudais Asif posted an April 18, 2020 article to the cyber security and technology blog/website, HackRead, with the title above. As Mr. Asif explains, the original intent of the Dark Web was to give individuals an opportunity to hide their online activities from autocratic governnments intent on surveilling their every digital move. But, as with almost anything else, the darker digital angles of our nature saw an opportunity to conduct illicit online activities — ranging from drug and weapons transactions, selling personal data from governments, corporations and individuals, trafficking in child pornography, and even hiring a hitman.

“Concerning the general perception surrounding it, the vast majority believe that stolen data through breached data bases and drugs are what make up the bulk of these [illicit] items,” Mr. Asif wrote. “The truth, however, is far from it,” he added.

To understand the leading online illicit items Mr. Asif wrote, “Terbium Labs — a digital risk protection company — analyzed “three leading [Dark Web] marketplaces (see link ar top of page) comprising of the ‘Canadian HeadQuarters,’ ‘Empire Market,’ and the ‘White House Market.’ And, they found:

1) Fraudulent how-to guides, which include tutorials on performing malicious activities, were the most sold item on the dark web at 49 percent of all sales. “An example.” Mr. Asif noted, would be a query on “How to open a fraudulent account at a financial institution? These listings had an average price of $7.88;”


2) Stolen personal data comprised 15.9 percent of all sales, which includes names, phone numbers, emails, addresses, [passwords] and social security numbers, with an average price of $8.45;

3) Non-financial accounts and log-on credentials accounted for 8.2 percent of sales, which include the likes of Netflix and “those that do not lead to any financial harm; [I would challenge that judgment of no financial harm] and,

4) Log-on credentials for financial accounts such as Paypal, Stripe, and other banking mediums at 8.2 percent;

5) Fraud tools and templates [how-to guides]. accounted for 8 percent of all sales. “These items were available for anywhere between $2-$274, with an average price of $52; and, can include fake apps that become a Trojan Horse once the victim downloads the app,” Terbium found. Included in this category are website templates that can be used to masquerade as a a legitimate, well-known company, fooling the victim into thinking he/she has just received some kind of benefit from a legitimate company — only to find if they open the link they will have been illegitimately breached;

6) Pre-paid payment cards, which can be exploited to incur unauthorized charges/payjments, account for 7 percent of dark web sales. Prices for these fradulent payment cards range from $18-$200.

In addition to the above, the sale of stolen video teleconferencing credentials and personal data has exploded in the past month — probably too late for this study — as the work from home movement is in full swing due to the coronavirus pandemic. Last week, 530,000 Zoom Video accounts, including passwords, emails, links to personal meetings, log-on credentials and host keys were for sale on the Dark Web.

Several years ago, one needed to be a sophisticated hacker to successfully execute many of the malicious deeds outlined above — no longer. These how-to hacker guides, along with the sale of artitifical intelligence enhanced malware has allowed even a novice hacker to leapfrog their way into the big leagues. Some hacking tools go for a little as $2; but, as with almost everything, you get what you pay for. To get the really elegant, nasty, sick and twisted ‘stuff,’ you may have to shell out $25K; but, if you can afford to, those kind of funds can open the doors to the really profound cyber hacking tools, such as industrial-grade, artificially enhanced, stealth malware.

Phishing pages are available for big brands, including: FaceBook, PayPal, Apple, and NetFlix,” for as little as $2.28. Crypto-Currency Fraud Malware goes for $6.07; Remote Access Trojans for $9.74; and, WiFi Hacking Software Tools sell for $3.00.

If you want the full package, which would include everything just mentioned, as well as Bluetooth Hacking Software, Keylogger, FBI/NSA Hacking Tools, Anonymity Tools, Carding Software, Password Hacking Software, Cell Tower Simulator Kit, Fraudulent Account, and Forgery Templates — it will cost you just $126. If you have deeper pockets, less than $3K will super-charge your hacking abilities and opportunities, including tutorials on how to stealthily employ these ‘tools-of-the-trade,’ and ‘best hacking practices,’ which increase your chances of a successful hack. 

There is even a Dark Web Price Index (DWPI), first published in 2018, which allows a prospective hacker to peruse the panoply of available malicious tools of the trade. 

None of this is really surprising, with perhaps the exception of just how really inexpensive it is to super-charge one’s hacking abilities. Malware- distribution-for-a-fee, and malware-as-a-service has been one of the fastest growing segments in the underbelly of the Dark Web Marketplace. Indeed, these kinds of illicit software, can transform a routine cyber thief into the ‘big-time,’ — overnight. Having said that, Law enforcement, intelligence agencies, and other security entities aren’t defenseless; and, are getting better at ferreting out and discovering a lot of these threats and eliminating them.

But, as General (Ret.) Petraeus liked to say — “The adversary gets a vote.” The most talented of the sick and twisted cyber thieves haven’t been caught yet; and, are constantly improving new and novel/creative, and devious ways to compromise and exploit any network weaknesses. And, penetrating this underground digital network is often a very difficult challenge, and can take a great deal of time and effort to unmask. Most, if not all of the best cyber thieves, stay hidden in the darkest corners of the Dark Web, where invite-only chat rooms is the norm; and, trust, but verify is standard operating procedure.

Alas, there are no digital silver bullets. The digital wilderness of mirrors is alive and well on the Dark Web, where denial and deception thrive, and almost anything goes. And remember, it is almost always the second digital mouse/thief — that gets the digital cheese.

No comments: