Intel Security has revealed the results of its investigation into the Dark Web, where stolen data and accounts are routinely traded among criminals.

Intel’s Hidden Data Economy report looks at what is available for sale on the cyber black market, in an “underground marketplace for nefarious products that is not accessible to us muggles.”

Dark Web

Intel warns that this underground marketplace has evolved to include almost every conceivable cybercrime product for sale or rent. The report found that for example, entire PayPal accounts worth between £250 – £650 were being sold for as little as £15 to £30 on the Dark Web.

The Dark Web (or Deep Web) essentially is still part of the World Wide Web, but its content is not indexed by search engines and it tends, therefore, not to be accessed by the majority of law-abiding citizens.

Intel Security found that the Dark Web also has for sale credit and debit card data, bank log-in details, entire personal identities, and stealth bank transfers.

Hackers also tout for business by offering access to large corporations, including banks and airlines and critical infrastructure systems (such as hydroelectric plants).

And there seems to be code of practice in operation on the Dark Web, with illegal sellers listing adverts in the same way as legitimate sellers, offering guarantees on stolen credit cards for example. Another irony is that Dark Web forums name and shame ‘bad sellers’ who have sold stolen cards that don’t offer up what was promised.

A stolen credit or debt card on average sells for $5 to $30 in the United States, and $20 to $35 in the United Kingdom. Bank login credentials for a $2,200 balance bank account sell for $190, and the prices go up depending on the balance available.

“Like any unregulated, efficient economy, the cybercrime ecosystem has quickly evolved to deliver many tools and services to anyone aspiring to criminal behaviour,” said Raj Samani, CTO for Intel Security EMEA. “This ‘cybercrime-as-a-service’ marketplace has been a primary driver for the explosion in the size, frequency, and severity of cyber attacks. The same can be said for the proliferation of business models established to sell stolen data and make cybercrime pay.”

“A criminal in possession of the digital equivalent of the physical card can make purchases or withdrawals until the victim contacts the card issuer and challenge the charges,” said Samani. “Provide that criminal with extensive personal information which can be used to ‘verify’ the identity of a card holder, or worse yet allow the thief to access the account and change the information, and the potential for extensive financial harm goes up dramatically for the individual.”

The Dark Web also offers account login credentials to online content services such as online video streaming, and premium cable channel streaming services.

And for the criminal who wants a bit of luxury, the Dark Web offers login credentials to hotel loyalty programmes loaded with points for example.

Intel warned that these are not the only example of what is for sale on the Dark Web and only “represent only the tip of an iceberg.”

Cybercrime Hub

Earlier this year security specialist Trend Micro unsurprisingly discovered that cybercrime is the activity most associated with the Dark Web.

It found that light drugs (e.g cannabis) were the most-exchanged goods, followed by pharmaceutical products like Ritalin and Xanax, hard drugs, and even pirated games and online accounts.

Last year, hundreds of “hidden” websites, including the Silk Road 2.0 underground marketplace, were seized by law enforcement agencies in the US and 16 European countries in a coordinated raid that resulted in the arrest of 17 people.

Prior to that five men were arrested by Dutch and German police in a crackdown on two dark websites selling drugs and other illicit services, Utopia and Black Market Reloaded

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Google Ordered To Pay $43m By Australian Court

Search engine Google fined $43 million by Australian court for tracking Android users location data…

2 days ago

Hacker Touts Data Sale Of 48.5m Users Of Covid App – Report

Personal data of 48.5 million Chinese citizens who used Shanghai's Covid App, is being offered…

2 days ago

Facebook Tests Default End-to-End Encryption For Messenger

Privacy move. Platform tests secure storage of people's chats on Messenger, in a move sure…

2 days ago

UK’s CMA Begins Probe Of Viasat Acquisition Of Inmarsat

British competition regulator the CMA, begins phase one investigation of $7.3 billion merger between Inmarsat…

3 days ago

Cisco Admits ‘Security Incident’ After Breach Of Corporate Network

Yanluowang ransomware hackers claim credit for compromise of Cisco's corporate network in May, while Cisco…

3 days ago

Google Seeks To Shame Apple Over RCS Refusal

Good luck convincing Tim. Google begins publicity campaign to pressure Aple into adopting the cross…

3 days ago