For the second time in two years, Flashpoint researchers have scrutinized the prices displayed on dark and deep-web underground marketplaces. Result: The prices are stable.
For example, records that are used as the basis for identity theft and in addition to name, date of birth also include the address ("Fullz") between 4 and 10 US dollars per package. In Germany, this information is often enough to buy online for a bill. If the victim's financial information is included in the record, the prices go up to $ 65. The exact price depends on information about US citizens from their credit score, a Schufa score comparable rating.
Data from citizens of other regions of the world, such as Europe or Australia, are considerably more expensive, according to the Flashpoint report. Hundreds of dollars are called for such fullz. The likely reason: a scarce supply of stolen records. For example, access to a German checking account with a credit limit of $ 7,000 costs $ 175. For comparison: The access data for a US bank account with a limit of $ 10,000 are already on offer for $ 25.
A similar picture can be found in documents such as passports: While Photoshop templates, in which criminals can enter arbitrary names and dates of birth, cost US $ 18 for US passports, for German passport templates in PSD format are US 46 -Dollar due. A completely fake passport, however, should cost up to $ 5,000.
Price increase for DDoS service providers
According to Flashpoint, the upper end of the rents for a DDoS botnet was just over $ 30. In the meantime, multiple attacks would be necessary for such attacks on online offers. Depending on the bandwidth and duration of the attack, the prices are between 1 and 150 US dollars. For the maximum price, a one-hour DDoS attack on an on-line service operated by banks, governments or military. Conventional but DDoS-protected sites can be attacked for $ 25 an hour.
RDP (Remote Desktop Protocol) accessible machines are also available. Criminals use them to take over user accounts, send spam or credit card fraud. By misusing the IP addresses of the victims, the criminals are blurring their tracks or undermining geolocation checks.
The providers of hacked RDP servers therefore classify the machines among other things by country, type of IP address (domestic or business), suitability for credit card or online banking scams and so on. Again, prices vary by region and versatility: RDP access to a US-based calculator starts at $ 5, and the rest of the world gets over $ 20. Calculators that allow the login into the PayPal account of the victim, cost from 250 US dollars – including Fullz record.