Target, Adobe, Neiman Marcus and countless other companies had tens of millions of records ripped off. But what ultimately happens to the data hackers steal? Of course they might use it themselves. But hacking often requires a different skill set from, say, identity theft. The other possibility is selling the data to other criminals who do have the right skill set.
Or they could sell it online to other cybercriminals. In a place Rebecca Stopoli on yahoo.com describes as the “deep web,” cybercriminals maintain bizarre bazaars where a buyer can get anything from drugs, weapons and hit men to use the weapons to stolen data. All they need is money and a browser like Tor to hide their identities.
Stopoli talks about Yahoo Finance’s voyage into the deep web for a virtual “shopping trip to browse what was available for purchase at this vast illicit Internet mall [where] sales here can come and go very quickly, and items are often priced by the level of difficulty attached to obtaining them.”
Following is a price list from Yahoo Finance’s trip:
- Credit card (Premium with high limit) $200
- Credit card (with Social Security number) $12
- PayPal account: 6% to 20% of the account balance
- Online bank account (US) 2% of account balance
- Online bank account (EU) 4-6% of account balance
- Hacked email accounts $200 for 1000 Gmail addresses; $12 for 1000 Hotmail addresses
- Hacked webcams $0.01 for male owner; $1.00 for female owner
- Rent a botnet (USA) $180 for 1,000 computers
- Rent a botnet (Russia) $200 for 1,000 computers
- Rent a botnet (Canada) $270 for 1,000 computers
- Money laundering: 2% transaction fee
- Counterfeit currency: $600 for twenty-five $50 US bills