His stolen accounts Twitter can bring more profits to cyber-scammers than credit cards on the black market, according to a new report published by RAND Corporation. The report is the first of a series commissioned by Juniper Networks, said Violet Blue by ZDNet.
The exhibition "Markets for Cybercrime Tools and Stolen Data: Hacker's Bazaar” explains that a Twitter account is now worth much more on the market than a stolen one credit card, because Twitter account credentials could bring more profit.
According to RAND:
Credit card sales value plummets especially when they come from major breaches data, like the Target hack.
The report, published Monday, uses an example to explain how the performance of a Twitter account on the black market affects its price.
Immediately after a major offense, the freshest credit cards are sold at a higher price - as there is a greater chance of being still active.
After a few days, prices have plummeted, because the market has fallen - for example, the Target case - and the data is old, so there is a strong chance that the owners have been notified.
In December of 2013, Target's violation brought to the black market 40 millions of credit cards and 70 million user accounts.
Within days, customer data – such as home addresses and information σύνδεσης – εμφανίστηκαν για την πώληση σε ιστοσελίδες μαύρης αγοράς. Η τιμή ξεκίνησε από 20 έως 135 δολάρια ανά λογαριασμό και κατρακύλησε στα 0.75 όταν πέρασαν οι μέρες.
Juniper Networks employee Michael Callahan explained that social media accounts are now more and more valuable than past cash and credit cards.
"RAND has found that hacked accounts can be worth anywhere from 16 up to 325 + dollars depending on the type of account," said RAND.
Twitter accounts have become highly efficient on the black market, because the account also provides access to other user accounts that are treasure for spammers.
RAND also reports that a hacked Twitter account costs five times more than a Yahoo hacked account. "The Role of the Underground Market in Twitter Spam and Abuse"(.PDF).
Rand's report argues that the overall change in the value of a social media account is part of a wider trend of black market development for hacks, cracks and data.
The evolution of the black market reflects the normal development of the free market, both in innovation and development.
In the early to the mid-2000, hackers were focused on goods and services related to credit card details. Then, e-commerce accounts, social networks, and more, were expanded and chased.
(...) Credit card prices, for example, are falling because the market is full of data. DDoS botnets and services are cheaper because there are more choices available.
At the heart of these new choices is social networking accounts, because they act as gates to much more valuable things a criminal can collect.
Callahan reported, for example, that a Twitter account may be more valuable than a credit card because:
Given the number of people who tend to use the same username and password, hacking in an account can often yield other valuable information such as online banking or e-commerce accounts.
By stealing a victim's account details for a site, hackers may obtain information to access 10 different webpages.
(...) A stolen item of an individual's account can be used for spear-phishing attacks on friends, family and colleagues accounts for additional financial benefit.
Let's also mention the habit of many of us to authorize third-party applications to connect to our social network accounts. A safe one movement would be to immediately check every app you've used in the past and now dust and remove it if it's not in use.
These apps have many access rights to your account information and features, some need it, and some do not. But hackers certainly need it. For malicious users, it is much easier to access a social network account than a third party application rather than the social network itself. Facebook and Twitter say they have a whole security team that fixes any imperfections in the code. A third-party application, especially if not updated, is much more vulnerable to attacks.
