HackDig : Dig high-quality web security articles for hacker

The Market for Online Credentials

2014-08-19 06:50

In July of this year, six individuals in Russia and the United States were charged with taking part in an international hacking ring that stole more than $1 million. However, this time the attackers didn’t filch credit cards or banking information. According to reports, Vadim Polyakov, a Russian national, allegedly hacked over 1,600 accounts on an online ticket vendor site and fraudulently purchased more than 3,500 tickets worth upwards of $1 million. He then sent the tickets to three American accomplices who resold them and laundered the profits. 

This instance is far from the only one of its kind, with news just this month of hackers stealing 1.2 billion Internet user credentials and pawning them off to spammers to collect a fee for their work. It’s all evidence of the growing value of non-financial online credentials. Computer crooks are extracting and cashing in on every aspect of hacked systems, from emails and passwords to entire online identities.

While bank login information is still some of the most valuable information taken from a hacked system, selling non-financial accounts can also be a lucrative business for hackers. Using botnet creation kits like ZeuS, Citadel or SpyEye, online crooks can use malware to record credentials entered into Web forms. They can then gather information from a collection of compromised machines and resell logins, in bulk or by retailer name, on underground forums. 


The bevy of information available has spawned the creation of underground shopping centers for stolen credentials, like Underweb and Freshtools. According to Brian Krebs, usernames and passwords for working accounts at online retailers like walmart.com, amazon.com, ebay.com, apple.com and zappos.com fetch about $2 each. Accounts for sites like fedex.com and ups.com sell for slightly more, around $5 a piece, likely to enable fraudulent reshipping schemes.

Besides retail and financial credentials, stolen social media accounts can also be valuable to cybercriminals. Hacking an email or social media service can provide a gateway to accessing users’ banking or financial accounts, because many people reuse credentials across several accounts. Hackers can also find pay days by selling legitimate credentials to spammers, selling information from high profile or celebrity accounts or extorting money out of their hacking victims.

The increased focus on online credentials as a target for attackers should be a wakeup call to all online service providers. While banks have spent years working on detecting and preventing fraud, there hasn’t been the same precedent for other service providers. The onus is now on them to be aware of the potential for abuse from online miscreants and the need for enhanced fraud detection systems. In the meantime, ensure you’re doing everything you can to protect your credentials with these Internet security best practices.

Source: slaitnederc-enilno-tekram/sgolb/tcennoc/moc.cetnamys.www

“The Market for Online Credentials”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)


Tag Cloud