Top10VPN has published its latest Dark Web Market Price Index looking at hacking tools. It discovered that it takes very little investment to put together a good starter kit for hackers. This will be a major concern for businesses. In addition to fighting off campaigns from professional hackers and state-sponsored hacking teams, they are now threatened with the potential for an increase in hobbyist hackers.
According to Simon Migliano, Head of Research, Top10VPN: “Everything a wannabe scammer needs to get started hacking your accounts is for sale on the dark web. For this latest edition of the Dark Web Market Price Index, we monitored five of the biggest sites for this illicit trade in hacking tools, finding WiFi hacking software, ready-made phishing pages for big brands, password crackers and much more.”
Migliano continued: “Our team of security experts reviewed tens of thousands of listings on five of the most popular dark web markets; Dream; Point; Wall Street Market; Berlusconi Market; and Empire. These encrypted websites, which can only be reached using the Tor browser, allow criminals to anonymously sell hacking tools, along with all sorts of other contraband, such as illicit drugs, stolen info and weapons.”
What is for sale and for how much?
The breadth of tools on sale is impressive. Even more impressive is the fact that almost all of the tools discovered by Top10VPN were cheaper than a large pizza. The prices are so low that an initial outlay of around £100 would give a wannabe hacker an effective toolkit.
There is, of course, the question of skills to use that toolkit but that’s no obstacle. There are lots of books and online sites dedicated to helping someone improve their skills. The latter include tutorials and even help building targeted exploits for a share of the loot.
Businesses should take a look at what is on offer as well. Being able to hack your own company to test security is a useful skill. The password tools will allow companies to see how poor their password policies are. Some of the other tools can be used to create tests to see how easy it is to fool users into installing malware.
|Item for Sale||Average Sale Price|
|Tools||Password Hacking Tool Custom Files||£1.57|
|WiFi Hacking Software||£2.29|
|Bluetooth Hacking Software||£2.65|
|FBI/NSA Hacking Tools||£4.62|
|Cryptocurrency Fraud Malware||£5.01|
|Remote Access Trojan||£8.47|
|Password Hacking Software||£38.61|
|Cryptocurrency Miner Malware||£58.47|
|Cell Tower Simulator Kit||£21,602.33|
|Postal System Stealth||£3.24|
Tools targeting specific brands
Some of these tools, such as the password hacking and phishing page, are customised for specific companies and brands. This allows a hacker to decide who they want to target. They can start with a brand that doesn’t cost much and work up to a premium brand such as Apple.
Enterprise Times contacted a number of different companies listed on the Top10VPN brand page. Google, Dropbox, Coinbase, Twitter, Facebook, Paypal, Apple and Netflix were among the companies we contacted for comment. They all ignored our request for comment.
The BT press office told us: “..as we are just one of many companies listed then this is not something we would offer comment on.” The press officer continued: “I have however flagged to our security teams, who will investigate this issue further.”
GoldenFrog, owners of VyperVPN did send us a response from Chris Marsh, VP of Technology. He said: “These cybercriminal tools have been used to attack platforms within different industries and are not limited to the VPN space. Multiple service providers were hit, and we believe the tool you are referring to, and was used for these credential stuffing attacks, is Sentry MBA. This tool logs into users accounts by trying different methods until it finds a valid combination. The password attempts can be generated or are based on databases from other previously breached organizations. What is usually sold on the dark web are not the tools themselves, but configuration files that provide the tool with the methodology to find valid credentials.
“Our engineering team at VyprVPN focuses on combating credential attacks and securing the privacy of our users. We have strong measures in place to limit the successful use of these tools. We always monitor our systems for increased authentication failures to identify when these attacks are happening, and we stay on the watch for other avenues cybercriminals may employ to breach our systems. Our team also monitors the Dark Web on a regular basis to identify these types of tools and confront the illegal sales of our customer’s accounts.”
NCA looking to Prevent teens falling into cyber crime
The UK National Crime Agency has a programme called Prevent run by its National Cyber Crime Unit (CCU). Its goal is to identify and stop people getting caught up in cybercrime. Greg Francis from the Prevent Team at the NCA’s National Cyber Crime Unit said: “It’s increasingly easy for young individuals to become involved in cyber criminality, whether this be through ignorance of the law or from compulsion to understand the mechanics of certain tools.
“Cyber Criminal ‘for-hire’ services such as DDoS-for-hire or certain Remote Access Trojans like Blackshades, lower the technical barrier for entry into criminality. We encourage learning about utilizing these sort of tools and techniques for productive means though partners such as Cyber Security Challenge, so that individuals don’t fall foul of the law whilst learning skills to safeguard future technology.”
Francis makes a good point that some of those tempted to buy and try will be doing so to learn skills. By pointing people at the Cyber Security Challenge, the NCA is hoping to turn interest into job prospects. The Cyber Security Challenge runs a number of different competitions that are successfully finding people work. Later this year it will run Cyber Re:coded, a cyber security recruitment fair. Those looking for a career in cyber security can talk to recruiters and take part in challenges.
What does this mean
The vast majority of hacking attempts come from amateurs and wannabes. With tool prices this low there is likely to be a surge in newcomers trying their luck. Some of them will go on and sign up to programmes to help distribute malware. Others will get caught or give up.
The problem with so many beginners is that they all try the same attacks. They end up creating excessive noise with their attacks. While some will be obviously inept and ignorable, others will have the potential for damage. The biggest problem they pose is that they allow the more skilled attackers to use the noise to attack under the radar.
Will prices continue to drop? The likelihood is yes.