Difficulties in monetizing stolen data
Last year broke all records for the number of leaked password databases and other user information. We are already getting used to the feeling that someone could get into our computer or smartphone at any moment and take control of it. Not to mention that entrusting anyone with information about yourself is becoming an increasingly risky business, given the wholesale leaks at every turn. In this situation, it is encouraging that information security systems are nevertheless developing, and every year it becomes harder for hackers not only to steal our data but also to monetize it afterwards.
As you probably already know, at the end of November 2014 hackers managed to infiltrate the internal network of Sony Pictures Entertainment. Some time later, the company began to be blackmailed with demands for money. Sony Pictures refused to pay the attackers, and as a result gigabytes of stolen information were published online, including data on employees and their salaries. Although the hackers could not cash in on Sony Pictures itself, the stolen data is still worth money. But the specific price depends on a number of factors, and today selling stolen data is not nearly as easy as it used to be.
Another high-profile case from last year: between April and September, information on 56 million bank cards and 53 million email addresses of Home Depot customers was stolen. It became one of the largest hacks in history. Soon, portions of the database with credit card numbers began to appear on the black market, with prices depending on how suitable the cards were for cashing out. Fortunately, banks now block compromised cards very quickly, forcing crooks to steal ever larger quantities of card numbers to compensate for falling income.
The hard everyday life of a fraudster
For example, out of 10,000 stolen credit cards, only about 100 can potentially bring thieves revenue, and only about 10 will be truly profitable, says Alex Holden, founder and director of information security at Hold Security, a company specializing in the search for stolen credit cards on underground sites. He also noted that stealing such information has become more difficult for hackers today because protective measures have improved.
Hackers need email lists of potential victims, tools for creating spam messages that bypass mail server filters, and specialized malware that antivirus software will not catch. As in the days of the "gold rush", when many merchants profited from selling shovels and other tools, today the trade in stolen lists and in tools for fraud and hacking is flourishing. But all these costs are covered entirely out of the hackers' income.
“You can't do a major operation alone,” says Holden, whose company once discovered security holes in Target and Adobe Systems. “At the same time, each participant in the chain needs to pay.”
One way to speed up the cashing out of stolen data is to create trading accounts in fake payment systems. Bank cards can then be used to pay for false transactions, letting fraudsters withdraw a lot of money from the accounts before the banks have time to block them. One such underground payment system is Voxis Platform. It allows fraudsters to increase profits from stolen card numbers through automated scheduled withdrawals.
“Today, cybercriminals do not have enough resources to monetize stolen data in large volumes,” says Andrei Komarov, CEO of IntelCrawler. “The margin of this business is low today, and selling large numbers of card numbers is very problematic.”
Hackers are trying to solve these problems by increasing the volume of thefts, concentrating their efforts on organizations with weaker security systems. “Today, it’s not enough for cybercriminals to simply obtain credit card information,” said Steven Cavey, director of corporate development at Ground Labs, a company that provides tools to help companies detect vulnerabilities in their networks. “Now they are trying to steal as much personal information as possible.”
According to Cavey, the personal information of real people is used to obtain money from companies that offer online payday loans. Fraudsters give lenders as much stolen information as possible in order to look like honest, law-abiding citizens to the security staff who check loan applications.
Good old blackmail
Another trend has been the blackmail of organizations from which information was stolen. But large companies such as Sony Pictures are unlikely to pay hackers to keep the stolen data out of the public domain. After all, like any other blackmailer, the hackers will then come back with new demands.
One case in which attackers may manage to force an organization to pay is when they encrypt data that is vital to it. Ordinary users, too, have suffered for about 10 years from malware that locks their computers and demands money in exchange for an unlock code. Modern versions of such malware also actively encrypt files on the hard drives of infected machines.
To date, the only effective protection against ransom-demanding programs like the infamous Cryptolocker is to regularly back up all important information. Otherwise, you will have to pay about $500 in bitcoin equivalent to decrypt each infected computer. Moreover, there are cases where the decryption code is never sent after the ransom is paid, with all that this entails.
Tourism is next
According to Holden, in the near future we can expect hackers to take a growing interest in the tourism industry, where they can steal bonus miles and other kinds of rewards for loyal customers. This forecast is also based on the fact that the tourism market is very poorly controlled, and many of its participants attach little importance to information security. There have already been recorded cases of fake travel agencies being set up, whose customers handed over a lot of data about themselves, including bank cards and accounts with cumulative discounts. Bonus miles and points can be monetized in many ways: for example, exchanged for real goods during various promotions, or converted into gift cards. Airlines update the number of bonus miles in accounts every 2-30 days. This gives hackers enough time to monetize their loot.
* * *
As you can see, the issue of protecting information is more acute today than ever, both for ordinary users and for companies. Therefore, in one of our upcoming posts we will talk in detail about the security features implemented in Yota Phone 2. So as not to miss that post, we recommend subscribing to our blog.