With markets specializing in laundering cryptocurrencies, renting botnets for DDoS attacks and selling personal data, the dark web is a propitious place for fraudulent activities. This week, cybersecurity company ESET released an analysis of the main products and services marketed on this gloomy slice of the Internet. THE dnetc prepared a list of the main results of the survey and explains, below, details of the cybercrime businesses.
#FiqueEmCasa: tips and news help you stop the coronavirus
Criminals profit from selling data and financial services on the dark web – Photo: Pond5
Want to buy cell phones, TV and other discounted products? Discover Compare dnetc
See also: ‘Worst Internet Passwords’ Use Series Characters’ Names
‘Worst Internet Passwords’ Use Series Characters’ Names
On the dark web, most cybercriminals offer personalized work for around € 250 (about R $ 1,563 thousand in direct conversion) per hour. The price of hacker attacks varies depending on the architecture of the website and the organization to be hacked. If the problem to be solved is urgent, it is possible to hire a service premium which guarantees a response in 30 minutes.
Criminals profit from offering hacking services on the dark web – Photo: Disclosure / Bully Hunters
According to ESET’s analysis, cybercriminals also offer to change a student’s grades or break into a slightly cheaper cell phone, in addition to accessing email and social networks.
2. Botnet and DDoS rental
ESET identified offers of DDoS attacks using large botnets. One of the suppliers mapped by the cybersecurity company charges $ 89 (about $ 478) to take a website down for two days. The values can reach up to US $ 623 (about R $ 3,591.40 thousand) for one week. Users interested in orchestrating the attack alone also have the possibility to purchase a package to create their own botnet. The offer includes the control panel, the builder and plugins for remote control, as well as instructions, support and an update manual.
Exploits are used to take advantage of systemic vulnerabilities – Photo: Pond5
The dark web houses databases with all kinds of exploits, sequence of commands or fragments of software that can take advantage of vulnerabilities. Some of them can be downloaded for free and, it seems, are intended for flaws that have already been fixed. Others are more critical and cost between 0.1 and 0.5 bitcoins. ESET has also identified exploits for zero-day vulnerabilities, even if a deposit is required to enter this restricted area.
4. Sale of servers and information
Criminals also market stolen servers and compromised user information. By the end of last year, almost 2,500 servers were on sale in Brazil, more than 500 in Argentina, 330 in Mexico and 250 in Colombia. Prices range from US $ 10 (R $ 57.64 in direct conversion) to US $ 12 (about R $ 69) per server, although they can reach US $ 15 (about R $ 86) in cases where the computer’s operating system is more updated.
According to ESET, the servers are sold to people interested in initiating attacks, temporarily storing illegal information or carrying out activities without a trace. The buyer can access the servers from a remote desktop and control it as they prefer.
Personal documents are for sale on the dark web – Photo: Nicolly Vimercate / dnetc
Selling personal information is another source of profit for dark web criminals. Among the data sold are e-mails, passwords, addresses, identity documents and even social security or registration numbers. Debit and credit cards obtained through phishing campaigns are also for sale.
5. Financial services and cryptocurrency laundering
Bitcoin laundering services grow on the dark web – Photo: Disclosure / FISL
Bitcoin laundering services, also called Bitcoin Mixers, are becoming increasingly popular. The mechanism is very simple, since the blockchain that stores transactions in bitcoins is public and traceable. With Bitcoin Mixers, criminals carry out a series of small transactions between «dirty» and «clean» money from reserves, making tracking difficult.
To protect yourself from attacks or cyber scams and preserve data security, it is necessary to take some precautions, listed below.
- Do not expose your personal data on social networks or on unofficial, unknown or insecure websites and platforms;
- Keep the operating system up to date;
- Avoid storing personal, bank or password information in the browser and choose to use password managers, specific programs for this purpose;
- Install a good antivirus on your device;
- Pay extra attention to emails that request information such as your full name, social security number and bank account. Check the sender of the message to make sure it’s not a phishing scam. If necessary, contact the institution in question;
- Use different passwords on each site;
- Give preference to Internet banking applications instead of accessing the bank account via browser;
- Avoid browsing websites without the HTTPS protocol.