His stolen accounts Twitter μπορούν να επιφέρουν περισσότερα κέρδη στους κυβερνο-απατεώνες από τις πιστωτικές cards, on the black market, according to a new report published by the RAND Corporation. The report is the first of a series commissioned by Juniper Networks, said Violet Blue by ZDNet.
The exhibition "Markets for Cybercrime Tools and Stolen Data: Hacker's Bazaar” explains that a Twitter account is now worth much more on the market than a stolen one credit card, because Twitter account credentials could bring more profit.
According to RAND:
Credit Card Selling Value has a vertical drop especially when it comes from major data breaches such as Target's hack.
The report, published Monday, uses an example to explain how the performance of a Twitter account on the black market affects its price.
Immediately after a major offense, the freshest credit cards are sold at a higher price - as there is a greater chance of being still active.
After a few days, prices have plummeted, because the market has fallen - for example, the Target case - and the data is old, so there is a strong chance that the owners have been notified.
In December of 2013, Target's violation brought to the black market 40 millions of credit cards and 70 million user accounts.
Within days, customer data – such as home addresses and login information – appeared for the sale to websites black market. The price ranged from $20 to $135 per account and dropped to $0.75 as the days went by.
Juniper Networks employee Michael Callahan explained that social media accounts are now more and more valuable than past cash and credit cards.
"RAND has found that hacked accounts can be worth anywhere from 16 up to 325 + dollars depending on the type of account," said RAND.
Twitter accounts have become highly efficient on the black market, because the account also provides access to other user accounts that are treasure for spammers.
RAND also reports that a hacked Twitter account costs five times more than a Yahoo hacked account. "The Role of the Underground Market in Twitter Spam and Abuse"(.PDF).
Rand's report argues that the overall change in the value of a social media account is part of a broader trend developmentof the black market for hacks, cracks and data.
The evolution of the black market reflects the normal development of the free market, both in innovation and development.
In the early to mid-2000s, hackers focused on goods and services related to data credit cards. Then they expanded and went after credentials of e-commerce accounts, social networks, and more.
(...) Credit card prices, for example, are falling because the market is full of data. DDoS botnets and services are cheaper because there are more choices available.
At the heart of these new choices is social networking accounts, because they act as gates to much more valuable things a criminal can collect.
Callahan reported, for example, that a Twitter account may be more valuable than a credit card because:
Given the number of people who tend to use the same username and password, hacking in an account can often yield other valuable information such as online banking or e-commerce accounts.
By stealing a victim's account details for a site, hackers may obtain information to access 10 different webpages.
(...) A stolen item of an individual's account can be used for spear-phishing attacks on friends, family and colleagues accounts for additional financial benefit.
Let's also mention the habit of many of us authorizing third-party applications to link to social network accounts. A safe move would be to immediately check every application you've used in the past, and now you're dusting and removing it if it's not in use.
These apps have many access rights to your account information and features, some need it, and some do not. But hackers certainly need it. For malicious users, it is much easier to access a social network account than a third party application rather than the social network itself. Facebook and Twitter say they have a whole security team that fixes any imperfections in the code. A third-party application, especially if not updated, is much more vulnerable to attacks.
