How much is a hacker from the Middle Kingdom?

    Welcome to our iCover Blog Pages ! Toward the close of the outgoing year, Trend Micro, an analytical company, published an updated report titled “Innovations in the Chinese Cybercrime Underground”. This detailed document, based on statistics for the period 2014-2015, talks about the cost of "services" that Chinese hackers provide and the current trends of the Chinese cybercriminal. We will slightly open some interesting pages of the report and briefly dwell on the most “popular” directions of this, as published data show, of an actively developing market.

    image


    According to Trend Micro, one of the most sought-after spyware applications is the Apple App Store. It turns out that it is quite possible for a malicious application to settle comfortably on this site, and Chinese hackers are ready to bypass the protection of the application store for $ 4000. At the same time, you can publish the program using your own boosting services in the TOP-5 rating of paid applications. The cost of publishing the program in the TOP 25 free applications will cost $ 7200 already. Trend Micro analysts have noted a significant increase in demand for such services and, accordingly, their prices since 2013. So, for example, the last service at that time line cost more than two times cheaper and cost $ 3400.

    The table below shows the comparative rates for the output of the application in the TOPs of the App Store.

    image

    In addition to analytical data related to the mobile services market, the report also affects other segments of malicious activity by hackers, including spam, hacking email, creating Trojans, preparing and conducting DDoS attacks, etc. The availability of prices is unpleasantly surprising:

    • 80,000 iMessages spam messages can be ordered for $ 630;
    • 50,000 spam mails cost $ 95;
    • hacking corporate email will cost $ 95;
    • for a DDoS attack with a capacity of 100 Mbit / s you will need to pay only $ 79 per month;
    • the creation of a trojan, on average, is ordered for $ 315;
    • tops the rating of the cost of fraudulent services hacking an encrypted dongle, estimated at $ 12,600;
    • You can order and take a beginner carder course on one of the darknet forums for $ 500.

    It should be noted here that for many services of cyber fraudsters from the Middle Kingdom, including those listed in the list above, prices, on the contrary, decreased slightly. The dynamics of changes in supply prices in the market in 2014-2015, in comparison with 2013, is reflected in the summary table.



    Despite the popularity of the above proposals on the black market of cyber services, the service related to the manufacture and sale of malicious PoS terminals leads in the degree of damage caused. The level of production and distribution of such terminals infected with malware today, alas, can be called massive. Sales are organized mainly on various B2B resources like 1688.com, lzise.com and others. Customers - organizations serving businessmen at various levels. The purchase is carried out through a chain of retailers, which slightly increases the final cost of the solution, but allows cybercriminals to remain beyond the line of sight.



    In the vast majority of cases, entrepreneurs are unaware of the threat to them and their business from such an acquisition. As for the hackers themselves, from the moment of sale and activation of the PoS terminal and until the fact of fraud is revealed, they automatically receive all the data about the user's cards in real time in the format of SMS messages (see the figure below).




    The cost of the device, ready to be installed as a keyboard overlay, is 2,000 yuan (US $ 312). Information about the code is stored in the memory of the chip, which after some time is physically extracted by the attacker to further read and process the collected data and use it to withdraw funds from the owners cards. Thus, according to information provided by Trend Micro, a network of PoS terminals “equipped” in this way, installed in small hotels and restaurants, allowed only 1,100 users to seize personal information about the cards of August 1, 2015 and expose $ 236,507 ( over 1,500,000 yuan). Characteristically

    Another actively developing area is the production and trade of panel panels for ATMs. Combined ATM-skimming devices that allow an attacker to simultaneously capture the card’s magnetic stripe data and record a PIN code using a camera hackers from China sell, on average, for $ 600 (about 4,000 yuan) (see figure below).





    A skimmer for 5,000 yuan ($ 780 US) with an integrated chip purchased on lzise.com will allow you to make unauthorized purchases after reading credit card holder information. An advanced skimmer with a keyboard that increases the likelihood of an accurate PIN code reading will cost as much as $ 900.

    The “marching” option is an entry-level skimmer that fits easily in a jacket pocket - only $ 140. It is these devices that are used by some dishonest sellers of offline stores, employees of restaurants, hotels and other establishments in which unsuspecting customers pay with credit cards, temporarily handing them over to small service personnel.



    The trend of our days is the rapid growth in the popularity of electronic and mobile payment systems. So with respect to the Celestial market, it is expected that during the coming year the volume of non-cash electronic payments made via the Internet and via mobile devices will grow by 27%. And at the same time, the traditional method of payment using PoS-terminals remains in demand. If two years ago, fraud with the theft of credit card funds using PoS, as noted in the company's report, could be attributed to isolated cases, now the situation has changed dramatically. As evidence, Trend Micro cites an example of one of such “hot spots” where the whole network of infected PoS terminals worked and, most likely, continues to work - the Chinese metro. So in February last year, the publication notes,5,130,000 yuan (more than $ 800,000) .

    In 2014-2015, services remained still popular for creating invalid authentication certificates, sending fake letters, integrating a special Master application that redirected users to a fictitious payment page, and many other tricks monthly and daily replenishing hacker accounts with hundreds of thousands of yuan.

    For more information about fraud options and the cost of services of professional hackers from China, see the Source of

    Good Luck to you, and be careful!



    Dear readers, we are always happy to meet and wait for you on the pages of our blog. We are ready to continue to share with you the latest news, review articles and other publications and will try to do our best to make the time spent with us useful for you. And, of course, do not forget to subscribe to our columns .

    Our other articles and events


    Also popular now: