Dell Secureworks reports on economic upheaval in the hacker black market

News by Max Metzger

The black market for trading hacking tools and stolen data is still immature, as evidenced by wild price fluctuations as criminals try to work out the true value of their assets.

A new report from Dell Secureworks has highlighted new fluctuations in the hacker underground.

Secureworks, the part of Dell which handles cyber-security, released the report called Underground Hacker Markets. The results are the product of months of work trawling hacker networks.

The report notes, “While much of the cyber-crime hitting organisations throughout the world is the result of cooperation by hackers working outside the confines of publicly-accessible marketplaces, these underground forums provide a small window into the world cyber-criminals occupy.”

Like any market, prices in the underground market are highly sensitive to outside pressures. Ken Dietz, director of the Dell SecureWorks CSO team, spoke to to explain some of the fluctuations in this shadow economy: “There are several reasons which can affect the fluctuation in prices including the geopolitical situation. For example the rise in passport costs could be due to the refugee crisis affecting parts of EMEA.”

Importantly, hacker business models are still in a nascent phase, said Dietz: “It's an emerging market and the hackers are still determining what the appropriate price is for their service. Because it's an immature market there will be fluctuations as different nefarious sources price their services differently.”

Another development has been the sale of full business dossiers. For between 40,000 (£400) and 60,000 (£600) rubles, the willing cyber-criminal can buy, in one go, tranches of compiled data on individual companies including articles of incorporation, lease agreements and tax identification numbers, as well as user credentials and a whole host of other valuable identifying data.

The SecureWorks report noted that even Dell's security experts had never before seen a full business dossier on sale like this.

Putting customer service at a premium, one dossier vendor allows the potential client to review the document for a full two days before purchase.

With those dossiers, “the possibilities are extensive”, Dietz told SC. “If the company has good credit, there is certainly the potential for those buying and ultimately possessing this data to apply for hefty bank loans, high-limit credit cards, car loans and other lines of credit.”

Dietz added, “It is not too surprising to see Russian organisation's' bank account credentials and sensitive company data being sold on the Russian Underground.”

Late last year, SecureWorks discovered Tinba, a popular banking trojan normally choosing targets outside of Russia, aimed at some of Russia's top financial institutions. “It would not be a big  stretch for these same hackers to also target valuable corporate data, in addition to a company's bank credentials.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews