Target, Adobe, Neiman Marcus and countless other companies had tens of millions of records ripped off. But what ultimately happens to the data hackers steal? Of course they might use it themselves. But hacking often requires a different skill set from, say, identity theft. The other possibility is selling the data to other criminals who do have the right skill set.
Or they could sell it online to other cybercriminals. In a place Rebecca Stopoli on yahoo.com describes as the “deep web,” cybercriminals maintain bizarre bazaars where a buyer can get anything from drugs, weapons and hit men to use the weapons to stolen data. All they need is money and a browser like Tor to hide their identities.
Stopoli talks about Yahoo Finance’s voyage into the deep web for a virtual “shopping trip to browse what was available for purchase at this vast illicit Internet mall [where] sales here can come and go very quickly, and items are often priced by the level of difficulty attached to obtaining them.”
Following is a price list from Yahoo Finance’s trip:
- Credit card (Premium with high limit) $200
- Credit card (with Social Security number) $12
- PayPal account: 6% to 20% of the account balance
- Online bank account (US) 2% of account balance
- Online bank account (EU) 4-6% of account balance
- Hacked email accounts $200 for 1000 Gmail addresses; $12 for 1000 Hotmail addresses
- Hacked webcams $0.01 for male owner; $1.00 for female owner
- Rent a botnet (USA) $180 for 1,000 computers
- Rent a botnet (Russia) $200 for 1,000 computers
- Rent a botnet (Canada) $270 for 1,000 computers
- Money laundering: 2% transaction fee
- Counterfeit currency: $600 for twenty-five $50 US bills
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.