How to fight the growing menace of stolen accounts

No longer just the preserve of illegal drugs and pirated goods, underground unindexed sites play host to a large and rapidly growing market for stolen accounts, starting from as little as $0.50.

This is a highly professional, thriving marketplace with the potential to destroy brand value and severely impact growth. In short, it’s time to find out what’s going on, and do something about it.

How it works

As the Darknet is unindexed and rendered largely anonymous thanks to platforms like Tor and I2P, it serves as a perfect home for the cybercriminal community.

Alongside the stolen bank details, personally identifiable information and contraband up for sale are hacked account details. Usually, the specific market for such details is users of sites like Agora and Nucleus who have a few spare Bitcoin left over from larger purchases.


Prices start at $0.50 and can go as high as $20 depending on the online service. As has been noted by other researchers like Dell SecureWorks, the vendors of these stolen credentials are increasingly looking to differentiate in a crowded underground market by offering 100% satisfaction guarantees.

One of the most popular sellers is known as ‘Optiman’. This vendor can be found on Agora – one of the Darknet’s biggest marketplaces – and claims to have made 30,000 transactions since starting to ply his or her online trade. This vendor sells hacked accounts for services like Minecraft, Spotify, Hulu, Netflix, Rdio and Xbox Live – which go for around $4 each.

Meanwhile, two vendors on the Nucleus marketplace, known as ‘DrawkwarD’ and ‘Skypeman’, flog accounts for as little as $1 each and offer services like HBO, NFL, Beats, Office 365, UFC, Lumosity and many more.

Finally, a more notorious vendor known as ‘Courvoisier’ was found on AlphaBay selling accounts for Uber, Netflix, EE, Vodafone and Amazon – for anywhere between $0.50 and $18.

The problem for firms

These account details don’t merely come from traditional data breaches at the affected organisation. Uber, for example, recently refuted any suggestion that account credentials being sold online had come through a security weakness in its IT systems.

The weakest link in this chain is often the customer. Whether they’ve failed to protect their PC with up-to-date anti-malware and allowed keylogging or information-stealing software onto it, used weak and easily crackable passwords, or re-used credentials across multiple sites, exposing themselves to greater risk of theft, they are often the ones to blame.

A business may not have been breached, therefore, but a careless customer may have allowed their password – the same one they share across many sites – to fall into the wrong hands. All the hacker has to do is run that password and username combination through checking software to see which services and accounts are a match.

But that doesn’t mean businesses should wash their hands of all responsibility. In today’s hyper-competitive online marketplace, brand and reputation are paramount in establishing trust and maintaining customer loyalty.

In such an environment, data breaches can lead to damaging, negative headlines. But account hijacking via Darknet forums could be just as damaging – perhaps even more so if the brand and customer affected are left in the dark.

It doesn’t take a genius to work out what happens next. Customer A leaves Brand X, takes their business to a rival, and then jumps on social media to tell everyone about their experience.

Multiply that single scenario by the volume of stolen account information on the Darknet and a major problem could start to unravel the very trust relationships that underpin e-commerce.

Operation Darknet

Frustratingly for law enforcers and brand managers, takedowns of these Darknet marketplaces rarely work. After major campaigns like Operation Onymous, new sites soon sprang up to take the place of those shut down.

Similarly, the vendors who use such sites are usually tech savvy enough to anonymise their location and identity.


So what are the options for businesses? Well, for one, customers need to be educated about better password management. But a more proactive step organisations can take is to invest in services that can trawl Darknet sites and inform them when they find customers’ stolen credentials.

Far more valuable is for the service provider to carry out Darknet account checks behind the scenes. This will give customers the info they need to prevent major account abuses, and help to maintain that bond of trust and faith in your brand so important to online success.
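One way a service provider could run the behind-the-scenes check described above, shown as an added example that is not from the original article: leaked `user:password` pairs are tested against the provider's own salted password hashes, and only accounts whose current password matches are flagged for a forced reset. The store layout, the PBKDF2 parameters, the leak format and all sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example

def hash_password(password, salt):
    """Derive the stored verifier the way this hypothetical provider does."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

def make_user_store(accounts):
    """Build a constructed user table: username -> (salt, password hash)."""
    store = {}
    for username, password in accounts.items():
        salt = os.urandom(16)
        store[username.lower()] = (salt, hash_password(password, salt))
    return store

def parse_leak(lines):
    """Yield (username, password) from 'user:password' lines, skipping junk."""
    for line in lines:
        line = line.strip()
        if ":" not in line:
            continue  # blank or malformed entry
        username, password = line.split(":", 1)  # passwords may contain ':'
        yield username.strip().lower(), password

def accounts_to_reset(store, leak_lines):
    """Return usernames whose current password appears in the leaked list."""
    exposed = set()
    for username, password in parse_leak(leak_lines):
        record = store.get(username)
        if record is None:
            continue  # not one of our customers
        salt, stored_hash = record
        # Constant-time comparison of the re-derived hash with the stored one.
        if hmac.compare_digest(hash_password(password, salt), stored_hash):
            exposed.add(username)
    return sorted(exposed)

# Constructed sample data: three customers and a fake leaked credential list.
USERS = make_user_store({"alice@example.com": "Summer2015!",
                         "bob@example.com": "x9$Lq:7pRz",
                         "carol@example.com": "correct horse"})
LEAK = ["alice@example.com:Summer2015!", "BOB@example.com:oldpassword",
        "bob@example.com:x9$Lq:7pRz", "mallory@example.org:hunter2",
        "garbage line", "carol@example.com:letmein"]

if __name__ == "__main__":
    print(accounts_to_reset(USERS, LEAK))
```

Accounts that appear in a leak with a password that no longer matches (carol in the sample) are not flagged, which keeps forced resets limited to customers who are actually exposed.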


Sourced from Benjamin Ali, senior investigator, Centient


Ben Rossi
