Exploring the cybercrime underground


Cybercrime persists as an epidemic that continues to worsen every year, with associated impacts and losses rising at an alarming rate. Part of what drives the growth of the cybercrime underground is the convenience, speed, and anonymity the Internet provides for online crime. Darknet markets are an important enabler of the cybercrime ecosystem. They let cybercriminals trade in weapons, drugs and illegal products without much concern of getting caught. Darknet markets are hidden websites hosted on the deep web; they cannot be accessed using regular browsers or search engines. They are increasing in number as well as in users, primarily due to the anonymity they provide.

Vicky Ray, Unit 42 senior threat intelligence analyst, Palo Alto Networks, said, “Cybercriminals use darknet markets to buy and sell data which has likely been stolen either directly from victims’ computer systems or gained by compromising a large database. Typically accessed using the Tor network, the decentralised architecture makes it increasingly difficult for law enforcement to take action against darknet markets.”

Palo Alto Networks has identified six of the most common types of information and services that are transacted by cybercriminals in the darknet markets.

1. Credit cards

Credit cards are sold in the darknet markets and are further used by cybercriminals to commit fraud, finance their requirements and make a profit. Using cards and cheques, Australians transacted AUD$1.92 trillion in 2015, with AUD$468 million of these transactions found to be fraudulent. (1) Due to the high number of credit card frauds, the financial industry may find it overwhelming to investigate every fraud incident and may only focus on cases where the cost of the fraud is very high. Aware of this, cybercriminals conduct only a small number of transactions on each card to avoid being detected by anti-fraud systems.

Vicky Ray said, “The typical cost of credit cards being sold in the darknet markets can range from USD$1 to $25 for each card. The cost is higher if there is a confirmed high balance or if it is a premium card, for example platinum, business, corporate or gold. Some of the costs can be much higher if they come in a bundle and may also include how-to tutorials on making the most out of the credit cards to conduct fraud.”

2. Credit score

Stolen identities are in big demand in darknet markets as they let cybercriminals commit fraud using a fake identity. This can include victims of phishing or malware attacks, or breaches of organisations that hold personally identifiable information (PII) of their customers. Credit score reports are one of the most highly-traded PII in the darknet markets, with the highest-score reports going for a higher price.

3. Passport and driving license scans

Identity documents such as passport and driving license scans are also in high demand as they can be used to commit fraud ranging from opening bank or PayPal accounts to purchasing real estate. With many public services available online, scanned copies of passports or licenses can be used by criminals to transact services using real people’s identities. Given the PII data used in many such services, this type of information is in demand in the darknet markets as it can be used to conduct multiple types of fraud.

4. Document scan templates

Other popular items for sale in the darknet markets are templates for documents such as passports, driving licenses, bank statements, utility bills, credit cards, tax statements and invoice receipts.

Vicky Ray said, “Many listings have these templates available in bundles. For example, nine templates for Canadian documents consisting of passport scans, bank statements, invoice documents and utility bills are selling at a discounted price of US$387 where the original price would have exceeded $500 if bought separately.”

5. Compromised account credentials

The credentials of many online services including banking, telco, social media networks and others continue to be popular in the darknet markets.

6. Malware/exploit kit services

There are many types of malicious tools and services for sale in the darknet markets. For example, a buyer can purchase a ransomware and BTC stealer setup service where a seller provides the tools and also configures them for the buyer.

Within the Asia-Pacific region, Australia sees the biggest impact from identity crimes with an estimated loss of AUD$2.2 billion annually. (2) The Australian Federal Police says identity crime has been a key enabler for organised crime, which costs Australia AUD$15 billion annually. (3) Vicky Ray said, “This is not a surprise as a large number of listings in the darknet markets are of Australian PII data. We have seen Australian data being sold in the darknet markets, which include medical details of Australian citizens, driver’s licenses, passport scans and bank account details among others.

A large percentage of internet and online service users are unaware of the threats in the digital world and tend to not follow common online safety measures to secure their personal information or their systems. This eventually results in personal data being stolen and traded in darknet markets, where the information is further used to commit fraud.

Organisations should follow industry standards on securing data and implement security technologies to prevent cyberattacks and reduce the risk of data being stolen and traded in the darknet markets.”

(1) Australian Payments Clearing Association (APCA) – http://www.apca.com.au/docs/default-source/fraud-statistics/australian_payments_fraud_details_and_data_2016.pdf
(2) Identity crime and misuse in Australia 2016 – https://www.ag.gov.au/RightsAndProtections/IdentitySecurity/Documents/Identity-crime-and-misuse-in-Australia-2016.pdf
(3) Australian Federal Police – https://www.afp.gov.au/what-we-do/crime-types/fraud/identity-crime