By Dave Avran
IMAGINE a market place where illegal vendors offer a wide range of goods, tools, and training to enable a hacker to exploit or breach unsuspecting individuals, groups or organisations.
Customer service is the motto.
Hackers are now extending their service hours, guaranteeing their work, and expanding their offerings to keep customers coming back.
Furthermore, imagine the walls of this market place lined with advertisements offering services and information such as:
DDOS attacks for as low as $5 USD an hour;
Banking credentials from 1% to 5% of the account balance;
Airline points of 300,000 for US$90;
American Express cards for US$30;
A physical counterfeit French driver’s licence for $238 or German, U.S., Israeli, U.K. and international licences for about $173.
Better yet, what if you just want to learn to do-it-yourself? The dark web’s underground market has that covered with a range of services and tools such as:
ATM skimming devices as low as $400;
Online tutorials from $20 that cover DDOS attacks, cracking WiFi, Crypters and much more.
Concerned about quality or satisfaction? Not to worry, vendors are guaranteeing their availability with posted hours and profiles, with details on their level of professionalism, experience, tools they utilise and most importantly their honesty. (say what?)
The point I am trying to make is that the underground market place on the dark web is booming and getting bigger, more sophisticated and competitive. Knowing what you and your organisation are up against and where your information could potentially be going and what it’s worth is a great way to help prioritise what you protect.
Still not concerned yet? Ok, let’s talk about up-and-coming stolen credit card shop Trump’s-Dumps, which invokes the US 45th president’s likeness and promises to make credit card fraud great again.
One reason cyber thieves who sell stolen credit cards like to use popular American figures in their ads may be that a majority of their clients are people in the United States. Very often we’re talking about street gang members in the U.S. who use their purchased dumps (data copied from the magnetic stripes of cards swiped through hacked point-of-sale systems) to make counterfeit copies of the cards.
They then use the counterfeit cards to buy merchandise that they can easily resell for cash, such as gift cards, Apple devices and gaming systems.
Trump’s Dumps currently advertises more than 133,000 stolen credit and debit card dumps for sale. The prices range from just under $10 in Bitcoin to more than $40 in Bitcoin, depending on which bank issued the card, the cardholder’s location and whether the cards are tied to premium, prepaid, business or executive accounts.
Trump’s Dumps is currently hosted on a Russian server that caters to a handful of other high-profile carding shops.
Sites like Trump’s Dumps can be taken offline by forcing a domain name registrar to revoke the domain but the people responsible for running this shop have already registered a slew of similar domains and no doubt have fresh hosting standing by in case their primary domain is somehow seized.
Also, like many other modern carding sites, this one has mirror versions of itself running on the Dark Web, making it far more difficult to force offline.
(Some content sourced from cyber security expert Brian Krebs.)