The hacking community and cyber black markets are growing and maturing according to a new report by RAND Corporation. The research used Twitter accounts as an example of how the yield of a black market product influences its price. Because Twitter account credentials potentially have a greater yield, a Twitter account costs more to purchase on the black market than a stolen credit card.
Social media accounts are valuable because they serve as gateways to additional data a criminal can harvest, increasing the value of “real” accounts to spammers. RAND found hacked accounts can be worth anywhere from $16 to $325+ depending on the account type.
Even spam Twitter accounts are worth five times the value of a spam Yahoo account, according to the RAND report’s citation The Role of the Underground Market in Twitter Spam and Abuse [PDF].
Massive data breaches such as the recent Target attack are largely responsible for the decreased credit card sale value to criminal data dealers, which RAND says is hackonomics at work:
Immediately after a large breach, freshly acquired credit cards command a higher price — as there is greater possibility for the credit cards to still be active.
But after time, prices fall because the market becomes flooded — e.g., the Target case (Kirk, 2014) — leveling off as the data becomes stale, or if there has been significant time since the last breach.
To protect against exploitation of social media accounts, Michael Callahan of Juniper Networks told ZDNet that users should take the usual precautions including password variety across different sites, not clicking on strange or unexpected links and monitoring accounts closely for fraud. ZDNet added that users should also review accounts attached to their social media accounts:
Many of us have allowed any number of apps to connect to our social media accounts. Quickly check the apps in each social media account, and remove any that are not in use.
These apps have a lot of permissions to access our account’s information and functions, some they need, and many they don’t. These apps are often built quickly, and usually have terrible security. In addition, apps get sold, and get hacked — so you may not know what’s going on with all those apps.
The RAND study found there will be more activity in “darknets,” more checking and vetting of participants, more use of crypto-currencies such as Bitcoin, greater anonymity capabilities in malware, and more attention to encrypting and protecting communications and transactions.
Helped by such markets, the ability to attack will likely outpace the ability to defend: “Hyper-connectivity will create more points of presence for attack and exploitation so that crime increasingly will have a networked or cyber component, creating a wider range of opportunities for black markets. Exploitations of social networks and mobile devices will continue to grow. There will be more hacking-for-hire, as-a-service offerings and cybercrime brokers.”
Other key findings include:
- The cyber black market has evolved from a varied landscape of discrete, ad hoc individuals into a network of highly organized groups, often connected with traditional crime groups (e.g., drug cartels, mafias, terrorist cells) and nation-states.
- The cyber black market does not differ much from a traditional market or other typical criminal enterprises; participants communicate through various channels, place their orders, and get products.
- Its evolution mirrors the normal evolution of markets with both innovation and growth.
- For many, the cyber black market can be more profitable than the illegal drug trade.
Markets for Cybercrime Tools and Stolen Data: Hacker’s Bazaar is the first in a series of reports commissioned by Juniper Networks. As ZDNet points out, RAND’s report is not without its criticisms. “While RAND accessed experts within law enforcement (as well as other handpicked experts), the report didn’t appear to be able to include equally the other side of that equation — criminal hackers, their fences, and most importantly, the buyers.”