For 3 years in a row, Privacy Affairs has published a study of the darknet information services market on its website. The first study was a review and was published in 2020. In 2021, 2022 and 2023, the company's specialists analyzed the price dynamics for those services that are constantly present on the darknet.
The 2023 study contains a wealth of details illustrating three patterns:
The author of the 2023 study, Miklos Zoltan, comments: "If someone manages to get hold of your financial data or social media credentials, then the money they will pay for it is essentially equal to the value of what they bought [for the buyer]. It is very likely that this data is much more expensive for you than for scammers. And for them, you are just another opportunity for quick earnings."
For a few tens of dollars, fraudsters can get access from your cards and crypto wallets, and for a few thousand dollars, you can "become a different person": order a full set of fake physical documents of a citizen of another country, get bank card details and logins-passwords from social networks.
The full version of the study in English can be found on the website. The author of the 2023 survey is Miklos Zoltan, Founder and CEO of Privacy Affairs.
In this review, we will refrain from moralizing and judging, limiting ourselves to demonstrating and analyzing what is happening. We present an abridged translation of the study, supplemented with examples from the Russian darknet and recommendations on data protection
Examples of prices for each category are shown in the short table:
In 2022 and early 2023, law enforcement agencies shut down many large darknet stores. Some of them disappeared in just a few weeks in the second half of 2022. However, this had little impact on the market. The gap created by the authorities was filled almost immediately.
Sales volume: The study did not reveal a long-term decline in sales as a result of law enforcement actions.
Volume of data: in the last reporting period, Privacy Affairs noted that sellers and buyers preferred to process more volume data, rather than individual products (for example, identity cards). This may indicate an increase in the profitability of fraud, fraud, and other shady activities.
Prices: Prices for most of the products and services that the company has been tracking for 3 years have dropped significantly. This may mean that more people are becoming victims of cybercriminals around the world than ever before.
During the reporting period 2022-2023, there were significant changes in the operation of the darknet:
There is no clear market leader: unlike in 2020, 2021, and early 2022, there are no clearly dominant stores in 2023. In 2022, many previously known portals, such as ToRReZ and the new AlphaBay, were closed. The closure of large portals is offset by the appearance of smaller sites, many of which disappear within a few months. However, this does little to reduce the supply of illicit goods and services.
Darknet security operations: It seems that after the recent purge of the main darknet stores, cybercriminals have chosen a new strategy for regularly launching new and smaller sites. This allows them to better evade law enforcement actions, destroying evidence in just a few months and not getting so big as to attract too much attention. These new sites are then advertised on various cybercrime forums and Telegram channels.
Telegram instead of websites: Telegram has become the main selling point for hacked personal data. Hundreds of thousands of users participate in channels and chats dedicated to the topic of identity theft.
However, as shown below, there was a slight overall downward trend in the prices of these products.
Here is an example of a post related to "Fullz" in the US, with 15 confirmed sales:
Here is an example of a product card with credit card details:
The most common item of this type sold on the darknet is PayPal accounts. Since there are so many of them, they are also very cheap to buy. (A more expensive option is to transfer money from a hacked account.)
The table below shows how much prices for access to account details have fallen over the past year due to high supply.
Here is an example of a product card for stealing PayPal accounts. Please note that the service has confirmed 3 sales:
And here you can see the card associated with the Skrill payment processor:
And also Revolut:
Cryptocurrency accounts are the only category that has seen growth. This may be due to the fact that cryptocurrency prices mostly stagnated in the second half of 2022 and the first half of 2023, which led to a decrease in interest from the general population. As a result, fewer cryptocurrency trading accounts and wallets are now available to hackers.
However, it can be assumed that when there is a new rise in the cryptocurrency, prices will fall, as this will lead to an increase in interest and excitement from users.
Below is a screenshot of the hacked Coinbase account with confirmed sales:
And here are a few more recently appeared services for hacking crypto wallets, in the last reporting period they were not observed:
Proposal for hacking the account of the Robinhood cryptocurrency platform:
Here is an example of a hacked Disney account being put up for sale:
Fraudsters can use this data to impersonate people on the Internet and open online accounts in their name. Other people's data can be used to open accounts on porn sites or cryptocurrency exchanges.
Another popular category is ID (identifiers are widely used in the United States and Europe and are used, if compared with Russia, instead of a passport) and utility bills.
Buyers can modify these documents by adding and changing any details they need.
Here's what the study found:
The most popular currencies are the euro, British pound, and Canadian, Australian, and US dollars.
For some of these bills, suppliers guarantee that they will pass the UV test. Such high-quality counterfeit banknotes will cost approximately 30 percent of their face value.
On the market, you can also find scans of documents in a set with a selfie of their owner.
Here is an example of selling a passport template (3 pieces sold)::
A whole catalog of various forged documents:
The DDoS attack services listed below differ in their purpose, number of access requests, quality, speed, and duration.
Please note that the duration of a DDoS attack can vary from seconds to days, and the results are often proportional to the price paid.
Some well-known investigations in our country were conducted using such methods.
You can find offers with a cost of a couple of tens of thousands for a service, but for the same money you can order a complete dossier per person.
Perhaps the demand for collecting personal data, hacking social networks and breaking through coordinates in our country prevails (no such studies have been conducted, but we can assume this, judging by the number of offers and publications). But you can also order services similar to those presented in the foreign study. Bank accounts, database hacks, and forged documents are all present. Unless offers for ID are not widespread – our main identity card is still a passport.
For example, tadveiser points out that we have a growing demand for calculating people's location:
Russians have become more willing to use the services of" punching " subscribers by location: in the first six months of 2023, the number of requests for this service increased 1.5 times, to 35,160. Such data was provided by BI.ZONE in early July 2023.
According to the Director of the BI Security Analysis and Fraud Prevention Department.According to Evgeny Voloshin, the peak demand for such services in 2023 occurred in May: the number of requests was 26,317. From May 14 to May 28, an average of 1.5 thousand messages appeared daily on specialized forums, he said.
The same source indicates that the price of" breaking through " coordinates varies depending on the mobile operator of the desired subscriber (Beeline – from 12-15 tr, MTS, Megafon – about 24-40 TR) and grows from year to year. Forbs also indicates an increase in the price of data breakdown.
Bank cards are also sold from year to year and also grow in price, reaching 100 tr in 2023.
After the start of mobilization, the Russian darknet was replenished with offers that help avoid mobilization, and there are options for 50 tr, and for 1.2-1.5 million rubles.
Fake medical books (which were sold before, without the need to go to the darknet) can be considered specific and popular in Russia. You can also order a fake BTI plan. Full analogues abroad are difficult to find, since these documents are not universal, but where there is a document or certificate, there is an opportunity to forge it.
It can be concluded that "private services" for jealous husbands/wives, as well as services for those who want to avoid mobilization, are available in our country to almost anyone who has bothered to search the Internet well. At the same time, services that allow you to earn money on the received data (drop cards, account hacking, fake documents) require more significant investments. Industrial espionage may tend to fall into the cheaper or more expensive category, depending on the scale of the business and the complexity of the services.
To check for skimmers at ATMs:
Text: @EgorKotkin
The 2023 study contains a wealth of details illustrating three patterns:
- the scale of personal data fraud is growing steadily,
- prices are falling frighteningly,
- to date, the fight of law enforcement agencies against fraudsters does not bring significant results.
The author of the 2023 study, Miklos Zoltan, comments: "If someone manages to get hold of your financial data or social media credentials, then the money they will pay for it is essentially equal to the value of what they bought [for the buyer]. It is very likely that this data is much more expensive for you than for scammers. And for them, you are just another opportunity for quick earnings."
For a few tens of dollars, fraudsters can get access from your cards and crypto wallets, and for a few thousand dollars, you can "become a different person": order a full set of fake physical documents of a citizen of another country, get bank card details and logins-passwords from social networks.
The full version of the study in English can be found on the website. The author of the 2023 survey is Miklos Zoltan, Founder and CEO of Privacy Affairs.
In this review, we will refrain from moralizing and judging, limiting ourselves to demonstrating and analyzing what is happening. We present an abridged translation of the study, supplemented with examples from the Russian darknet and recommendations on data protection
Types of personal data fraud
The Privacy Affairs study divides personal data-related products and services found on the darknet into the following categories::- credit card details
- payment service data
- access to crypto wallets
- social network accesses
- access to various services
- fake documents (scans)
- forged documents (in hard copy)
- databases of e-mail addresses
- malicious software
- DDOS attacks
Examples of prices for each category are shown in the short table:
Credit card details | |
Credit card details, account balance up to 5000 | $110 |
Hacked account Card.com | $75 |
Credit card details, account balance up to 1000 | $70 |
Theft of online banking access account balance at least 2000 | $60 |
United Arab Emirates credit card details with CVV | $35 |
Theft of online banking access account balance at least 100 | $40 |
Hacked TDBank account | $30 |
Canada credit Card details with CVV | $30 |
Australia Credit Card details with CVV | $23 |
Israel credit Card details with CVV | $20 |
Spanish credit card details with CVV | $20 |
UK credit card details with CVV | $20 |
Copy of the American Express card with PIN | $20 |
A copy of a Mastercard card with a PIN | $20 |
Copy of the VISA card with PIN | $20 |
US credit card details with CVV | $15 |
Clobal credit card details with CVV | $10 |
A Walmart account with a credit card linked to it | $5 |
Hacking of payment service accounts | |
ING bank account details (verified account) | $4,255 |
HSBC UK Business Account | $4,200 |
Switzerland login to your account | $2,200 |
Barclays login to your account | $2,100 |
Santander login to your account | $1,800 |
Revolut verified account (UK, USA) | $1,600 |
Verified Stripe account with payment gateway | $1,200 |
Verified Cashapp Account | $860 |
Stolen verified Skrill UK Account | $610 |
Chase Bank login to your account | $500 |
Weststein Card login to your account | $500 |
TransferGo login to your account | $500 |
Payoneer verified account | $200 |
CitiBank Verified Account | $200 |
Wells Fargo Account Login | $150 |
Chime Bank login to your account | $125 |
50 PayPal accounts | $120 |
PerfectMoney login to your account | $100 |
Luno account with a balance | $80 |
Go2Bank login to your account | $75 |
Huntington bank login to your account | $60 |
PayPal transfer from hacked account $8,000 | $54 |
Western Union login to your account | $39 |
Western Uniontranslation from a broken account, $1,000 | $32 |
Bank of America login to your account | $30 |
PayPal transfer from a hacked account, $1,000 – $3,000 | $30 |
Suntrust Bank login to your account | $30 |
PayPal transfer from hacked account $100 - "class=" formula inline " >1,000 | $25 |
CBA Random Bank login to your account | $25 |
PayPal transfer from a hacked $5,000 account | $22 |
Hacking a PayPal account without a balance | $15 |
Movo.Cash login to your account | $11 |
PayPal transfer from a hacked $1,000 balances account | $10 |
PayPal transfer from a hacked $100 balances account | $10 |
Cryptoaccounts | |
N26 verified account (Germany) | $2,650 |
Wirex verified and hacked account | $2,300 |
Nuri account in German IBAN | $2,200 |
Zen.com verified account | $1,600 |
Kraken verified account | $1,170 |
Binance Verified account | $410 |
Xcoins Verified Account | $350 |
Bitit.io verified account | $450 |
Vexel.com verified account | $410 |
Quippy.com verified account | $410 |
Kriptomat.io verified account | $410 |
FTX KYC Verified Account | $400 |
CoinMarketCap Wallet | $375 |
Crypto.com CoinMarketCap Wallet | $300 |
Cex.io CoinMarketCap Wallet | $250 |
Hacked Verified Coinbase Account | $250 |
Keybank verified account | $180 |
Bit2me verified account | $150 |
Robinhood verified account | $150 |
Coinfield.com verified account | $140 |
Blockchain.com verified account | $85 |
LocalBitcoins Verified US Account | $70 |
Bitrex Verified US Account | $30 |
Paxful.com verified level 1 account | $20 |
Social media accounts | |
Hacking your Gmail account | $60 |
Hacking your Facebook account | $25 |
Hacking an Instagram account | $25 |
Hacking your Twitter account | $20 |
Twitter retweets x 1000 | $10 |
LinkedIn company subscribers x 1000 | $5 |
Instagram followers x 1000 | $2 |
Pinterest subscribers x 1000 | $2 |
Twitch subscribers x 1000 | $2 |
Instagram likes x 1000 | $2 |
Spotify subscribers x 1000 | $1 |
Soundcloud listens x 1000 | $1 |
Hacking services | |
AirBNB.com verified account | $300 |
Hacking of the Bet365 account | $35 |
Uber driver hacked account | $30 |
US eBay account | $20 |
Netflix annual subscription | $20 |
Hacking your Uber account | $12 |
Spotify account hack | $10 |
Alaskaair account hacking | $10 |
NBA League subscriptions | $8 |
hacking a Kaspersky account | $7 |
Adult site accounts | $6 |
Canva Pro annual subscription | $5 |
Hacking the Disney Plus account | $3 |
CNBC Pro Account | $3 |
Hulu account | $3 |
HBO account | $2 |
Orange TVy account | $2 |
Netflix 4K Annual Subscription | $1 |
Fake documents-scans | |
Alberta CA Driver's License (scanned) | $140 |
Selfies with ID USA | $110 |
Forged WalMart prescription Rx labels | $100 |
Passport of the Russian Federation (scanned) | $80 |
Driver's License New York | $60 |
US passport (scanned) | $50 |
Driving Licence NSW Australia | $40 |
Custom drivers’ license | $35 |
Minnesota Driver's License | $22 |
UK Passport Template | $22 |
Passport template Germany | $22 |
New Hampshire Driver's License | $20 |
Utility Bill Template | $15 |
Belgium Passport Template | $10 |
Utility Bill template UK | $10 |
US Payment Receipt Template | $8 |
Fake documents - physical ones | |
Maltese passport | $4,000 |
French passport | $3,000 |
Dutch passport | $3,000 |
EU passport | $3,000 |
Polish passport | $2,500 |
EU Driving License | $2,000 |
Lithuanian passport | $1,800 |
EU Identity Card (ID) | $1,700 |
Polish Identity Card | $1,700 |
French driver's License | $1,500 |
Romanian Driver's License | $1,450 |
Latvian Identity Card (ID) | $1,300 |
Fake US Green Card | $450 |
Delaware ID Card | $200 |
Indiana ID Card | $200 |
Montana ID Card | $200 |
Nevada Identification Card (ID) | $200 |
Texas ID Card | $200 |
New Jersey Driver's License | $200 |
Louisiana ID Card | $200 |
Utah ID Card | $200 |
US Driver's License | $150 |
Email address databases | |
10 million US e-mail addresses | $120 |
600,000 New Zealand e-mail addresses | $110 |
2.4 million Canadian e-mail addresses | $100 |
Malicious Software | |
Premium quality, 1000 installations | $4,500 |
Europe fresh, high-quality per 1,000 installs | $1,600 |
Premium quality, 1000 installations UK | $1,600 |
Premium quality, 1000 installations USA | $1,500 |
USA, CA, UK, AU Average quality, 70% of successful installations out of 1000 | $1,100 |
High quality, 1000 installations CA | $1,100 |
Europe, aged, high-quality, per 1,000 installs | $1,000 |
USA, CA, UK, AU low quality, low speed, low successful downloads x 1000 installs | $600 |
Average quality, 70% of successful installations out of 1000 in the USA only | $700 |
Android OS 1000 installations | $650 |
Average quality, 70% of successful installations out of 1000. | $250 |
Low quality, low speed, low success rate of downloads x 1000 Europe | $110 |
Global, medium-quality, 70% success rate, per 1,000 | $75 |
Global, low quality, slow-speed, low success rate, per 1,000 installs | $35 |
DDOS attack | |
Unprotected website, 10-50k requests per second, 1 month | $750 |
Unprotected website, 10-50k requests per second, 1 week | $350 |
low quality, low speed, low success rate of downloads x 1000 installations Europe | $200 |
Premium secure site, 20-50k requests per second, using elite proxies, 24 hours | $170 |
Unprotected website, 10-50k requests per second, 24 hours | $35 |
Unprotected website, 10-50k requests per second, 1 hour | $10 |
Influence of law enforcement agencies on supply and prices
When law enforcement agencies clear out large stores on the darknet, the supply of illegal goods and services stops for a very short time. New sites and channels appear literally the next day.In 2022 and early 2023, law enforcement agencies shut down many large darknet stores. Some of them disappeared in just a few weeks in the second half of 2022. However, this had little impact on the market. The gap created by the authorities was filled almost immediately.
Sales volume: The study did not reveal a long-term decline in sales as a result of law enforcement actions.
Volume of data: in the last reporting period, Privacy Affairs noted that sellers and buyers preferred to process more volume data, rather than individual products (for example, identity cards). This may indicate an increase in the profitability of fraud, fraud, and other shady activities.
Prices: Prices for most of the products and services that the company has been tracking for 3 years have dropped significantly. This may mean that more people are becoming victims of cybercriminals around the world than ever before.
Changes within the market
As the darknet market evolves, its actors implement strategies similar to those of traditional retail businesses.During the reporting period 2022-2023, there were significant changes in the operation of the darknet:
There is no clear market leader: unlike in 2020, 2021, and early 2022, there are no clearly dominant stores in 2023. In 2022, many previously known portals, such as ToRReZ and the new AlphaBay, were closed. The closure of large portals is offset by the appearance of smaller sites, many of which disappear within a few months. However, this does little to reduce the supply of illicit goods and services.
Darknet security operations: It seems that after the recent purge of the main darknet stores, cybercriminals have chosen a new strategy for regularly launching new and smaller sites. This allows them to better evade law enforcement actions, destroying evidence in just a few months and not getting so big as to attract too much attention. These new sites are then advertised on various cybercrime forums and Telegram channels.
Telegram instead of websites: Telegram has become the main selling point for hacked personal data. Hundreds of thousands of users participate in channels and chats dedicated to the topic of identity theft.
Darknet Product Price Index 2023
As in previous reports, Privacy Affairs collects data by examining Dark Web marketplaces, forums, and websites. This information is then processed to create an index of average prices for a wide range of specific products.Cloned credit cards and cardholder data
The average cost of credit card information ranges from $ 10 (in countries such as the United States, Canada, and Australia) to $ 240 each (including the card balance).However, as shown below, there was a slight overall downward trend in the prices of these products.
- Israeli credit card details with CVV
- Price of USD (2022): $25
- Price of USD (2023): $20
- Credit card details with a balance of up to 5000 rubles
- Price of USD (2022): $120
- Price of USD (2023): $110
- Credit card details with a balance of up to 1000
- Price of USD (2022): $80
- Price of USD (2023): $70
- Copy of the American Express card with PIN
- Price of USD (2022): $25
- Price of USD (2023): $20
- Stolen bank account details at least 2,000 in the account
- Price of USD (2022): $65
- Price of USD (2023): $60
- Hacked (Global) credit card details with CVV
- Price of USD (2022): $15
- Price of USD (2023): $10
- Spanish Credit card details with CVV
- Price of USD (2022): $25
- Price of USD (2023): $20
- Walmart account details with linked bank card
- Price of USD (2022): $10
- Price of USD (2023): $5
- US credit card details with CVV
- Price of USD (2022): $17
- Price of USD (2023): $15
- Australia Credit Card details with CVV
- Price of USD (2022): $23
- Price of USD (2023): $23
- Mastercard copy with PIN
- Price of USD (2022): $20
- Price of USD (2023): $20
- VISA copy with PIN
- Price of USD (2022): $20
- Price of USD (2023): $20
- UK credit Card details with CVV
- Price of USD (2022): $20
- Price of USD (2023): $20
- Stolen online banking logins, minimum 100 on account
- Price of USD (2022): $35
- Price of USD (2023): $40
- Canada credit Card details with CVV
- Price of USD (2022): $10
- Price of USD (2023): $30
- ING bank login to a verified account
- Price USD (2022): –
- Price of USD (2023): $4,255
- Account hacking Card.com
- Price USD (2022): –
- Price USD (2023): $75
- TDBank account hacking
- Price USD (2022): –
- Price of USD (2023): $30
- UAE Credit Card details with CVV
- Price USD (2022): –
- Price of USD (2023): $35
Here is an example of a post related to "Fullz" in the US, with 15 confirmed sales:
Here is an example of a product card with credit card details:
Access to payment service accounts
Payment via payment systems is widespread among retailers. More and more people prefer to buy goods and services online. This gives you more opportunities to steal users ' personal data and financial information.The most common item of this type sold on the darknet is PayPal accounts. Since there are so many of them, they are also very cheap to buy. (A more expensive option is to transfer money from a hacked account.)
The table below shows how much prices for access to account details have fallen over the past year due to high supply.
- Credentials of 50 hacked PayPal accounts
- Price of USD (2022): $150
- Price of USD (2023): $120
- Hacking your PerfectMoney account
- Price of USD (2022): $110
- Price of USD (2023): $100
- Hacking of the Weststein Card account
- Price of USD (2022): $710
- Price of USD (2023): $700
- Hacking of the TransferGo account
- Price of USD (2022): $510
- Price of USD (2023): $500
- PayPal transfer from a stolen account balance of $5,000
- Price of USD (2022): $30
- Price of USD (2023): $22
- PayPal transfer from a stolen account balance of $8,000
- Price of USD (2022): $60
- Price of USD (2023): $54
- PayPal transfer from stolen account balance $1,000 - $3,000
- Price of USD (2022): $45
- Price of USD (2023): $30
- Movo.Cash credentials
- Price of USD (2022): $14
- Price of USD (2023): $11
- Hacked PayPal account with at least $1,000 in the account
- Price of USD (2022): $20
- Price of USD (2023): $20
- Hacked PayPal account at least $1.00 in the account
- Price of USD (2022): $10
- Price of USD (2023): $10
- Hacked PayPal account with no balance
- Price of USD (2022): $15
- Price of USD (2023): $15
- Western Union transfer from a stolen account balance of $1,000
- Price of USD (2022): $30
- Price of USD (2023): $32
- PayPal transfer from stolen account balance $1.00 - $1,000
- Price of USD (2022): $15
- Price of USD (2023): $25
- Hacked Western account hacking
- Price of USD (2022): $25
- Price of USD (2023): $39
- Cashapp verified account
- Price of USD (2022): $800
- Price of USD (2023): $854
- Verified Stripe account with payment gateway
- Price of USD (2022): $1,000
- USD Price (2023): $1,200
- Stolen fully verified Skrill UK accounts
- Price of USD (2022): $120
- Price of USD (2023): $610
- Wise Account Details-Verified UK, USA
- Price USD (2022): –
- Price of USD (2023): $1,500
New payment services
Over the past year, services have appeared to steal access to 9 payment services that were not available a year ago.Hacking of payment service accounts | Price USD (2023) |
Revolut verified account (UK, USA) | $1,600 |
Switzerland login to your account | $2,200 |
Luno Account login with $5,000 | $80 |
Chase Bank login to your account | $500 |
Verified Payoneer Account | $200 |
Verified CitiBank Account | $200 |
HSBC UK Business Account | $4,200 |
Barclays online login to your account | $2,100 |
Hacked Go2Bank account | $60 |
Suntrust Bank login to your account | $30 |
Huntington login to your account | $60 |
Wells Fargo login to your account | $1,500 |
Bank of America login to your account | $30 |
Bluebird Bank login to your account | $75 |
CBA Random Bank login to your account | $25 |
Chime Bank account login to your account | $125 |
Santander personal bank login to your account | $1,800 |
Here is an example of a product card for stealing PayPal accounts. Please note that the service has confirmed 3 sales:
And here you can see the card associated with the Skrill payment processor:
And also Revolut:
Hacking Crypto wallets
The table below provides information on the price dynamics for hacking cryptocurrency accounts for the current reporting period (2022-2023).- Verified LocalBitcoins account (USA)
- Price of USD (2022): $120
- Price of USD (2023): $70
- Verified account Blockchain.com
- Price of USD (2022): $90
- Price of USD (2023): $85
- Verified account Coinfield.com
- Price of USD (2022): $120
- Price of USD (2023): $140
- Verified account Crypto.com
- Price of USD (2022): $250
- Price of USD (2023): $300
- Verified account Cex.io
- Price of USD (2022): $170
- Price USD (2023): $250
- Verified Hacked Coinbase Account
- Price of USD (2022): $120
- Price USD (2023): $250
- Verified Kraken Account
- Price of USD (2022): $250
- Price of USD (2023): $1,170
Cryptocurrency accounts are the only category that has seen growth. This may be due to the fact that cryptocurrency prices mostly stagnated in the second half of 2022 and the first half of 2023, which led to a decrease in interest from the general population. As a result, fewer cryptocurrency trading accounts and wallets are now available to hackers.
However, it can be assumed that when there is a new rise in the cryptocurrency, prices will fall, as this will lead to an increase in interest and excitement from users.
Below is a screenshot of the hacked Coinbase account with confirmed sales:
And here are a few more recently appeared services for hacking crypto wallets, in the last reporting period they were not observed:
Crypto Accounts | Price USD (2023) |
Verified Binance Account | $410 |
Verified Xcoins Account | $350 |
Verified account Bitit.io | $450 |
Verified Bit2me Account | $150 |
CoinMarketCap account | $375 |
Verified account Zen.com | $1,600 |
Nuri account with German IBAN | $2,200 |
Verified Level 1 account Paxful.com | $20 |
FTX KYC and Verified Account | $400 |
Hacked account Vexel.com | $410 |
Verified Keybank Account | $180 |
Hacked verified Wirex account | $2,300 |
Verified account Quippy.com | $410 |
Verified Bitrex US Account | $30 |
Verified account Kriptomat.io | $410 |
Verified account (Germany) N26 | $2,650 |
Hacked Robinhood account | $150 |
Proposal for hacking the account of the Robinhood cryptocurrency platform:
Hacking media services and entertainment accounts
Hacking media service accounts is evidence of the fact that scammers are able to earn money on a variety of dark Web products. For example, they offer access to online subscriptions at low prices, even though their customers have to take the risk of being caught.- Bet365 account
- Price of USD (2022): $40
- Price of USD (2023): $35
- Netflix annual subscription
- Price of USD (2022): $25
- Price of USD (2023): $20
- Uber driver hacked account
- Price of USD (2022): $35
- Price of USD (2023): $30
- Netflix 4K Annual Subscription
- Price of USD (2022): $4
- Price of USD (2023): $1
- Uber hacked account
- Price of USD (2022): $15
- Price of USD (2023): $12
- Hulu
- Price of USD (2022): $5
- Price of USD (2023): $2
- HBO
- Price of USD (2022): $4
- Price of USD (2023): $2
- Canva Pro annual subscription
- Price of USD (2022): $6
- Price of USD (2023): $5
- CNBC Pro
- Price of USD (2022): $3
- Price of USD (2023): $3
- Orange TV
- Price of USD (2022): $4
- Price of USD (2023): $2
- NBA League Pass
- Price of USD (2022): $7
- Price of USD (2023): $8
- Adult site accounts
- Price of USD (2022): $5
- Price of USD (2023): $6
- Kaspersky Account
- Price of USD (2022): $5
- Price of USD (2023): $7
- AirBNB.com verified account
- Price USD (2022): –
- Price of USD (2023): $300
- US eBay account
- Price USD (2022): –
- Price of USD (2023): $200
- Spotify account hacked
- Price USD (2022): –
- Price of USD (2023): $10
- Disney Plus hacked account
- Price USD (2022): –
- Price of USD (2023): $3
- Alaskaair hacked account
- Price USD (2022): –
- Price of USD (2023): $10
Here is an example of a hacked Disney account being put up for sale:
Fake documents (scans)
Scans of personal documents are a popular product on the darknet market.Fraudsters can use this data to impersonate people on the Internet and open online accounts in their name. Other people's data can be used to open accounts on porn sites or cryptocurrency exchanges.
Another popular category is ID (identifiers are widely used in the United States and Europe and are used, if compared with Russia, instead of a passport) and utility bills.
Buyers can modify these documents by adding and changing any details they need.
Here's what the study found:
- Minnesota Driver's License
- Price of USD (2022): $150
- Price of USD (2023): $22
- Driving Licence Australia
- Price of USD (2022): $150
- Price of USD (2023): $40
- Alberta driver's license (scanned)
- Price of USD (2022): $165
- Price of USD (2023): $140
- Passport of the Russian Federation (scanned)
- Price of USD (2022): $100
- Price of USD (2023): $80
- Selfies with ID USA
- Price of USD (2022): $120
- Price of USD (2023): $110
- Utility bill template
- Price of USD (2022): $25
- Price of USD (2023): $15
- Driver's License New York
- Price of USD (2022): $70
- Price of USD (2023): $60
- US Paychecks
- Price of USD (2022): $10
- Price of USD (2023): $8
- Custom drivers’ license
- Price USD (2022): –
- Price of USD (2023): $35
- Belgium Passport Template
- Price USD (2022): –
- Price of USD (2023): $10
- UK Passport Template
- Price USD (2022): –
- Price of USD (2023): $22
- Utility Bill template UK
- Price USD (2022): –
- Price of USD (2023): $10
- German Passport Template
- Price USD (2022): –
- Price of USD (2023): $22
- Forged WalMart prescription Rx labels
- Price USD (2022): –
- Price of USD (2023): $100
- New Hampshire Driver's License
- Price USD (2022): –
- Price of USD (2023): $22
- US Passport (Scanned)
- Price USD (2022): –
- Price of USD (2023): $50
The most popular currencies are the euro, British pound, and Canadian, Australian, and US dollars.
For some of these bills, suppliers guarantee that they will pass the UV test. Such high-quality counterfeit banknotes will cost approximately 30 percent of their face value.
On the market, you can also find scans of documents in a set with a selfie of their owner.
Here is an example of selling a passport template (3 pieces sold)::
Forged documents (physical)
Almost indistinguishable from real paper documents can also be found on the darknet. These are by far the most expensive items out there.- Polish passport
- Price of USD (2022): $3,800
- Price of USD (2023): $2,500
- Dutch passport
- Price of USD (2022): $3,800
- Price of USD (2023): $3,000
- Lithuanian passport
- Price of USD (2022): $3,800
- Price of USD (2023): $3,000
- French passport
- Price of USD (2022): $3,800
- Price of USD (2023): $3,000
- EU passport
- Price of USD (2022): $3,800
- Price of USD (2023): $3,000
- Nevada ID
- Price of USD (2022): $160
- Price of USD (2023): $200
- New Jersey Driver's License
- Price of USD (2022): $160
- Price of USD (2023): $200
- Delaware ID Card
- Price of USD (2022): $150
- Price of USD (2023): $200
- US Driver's License
- Price of USD (2022): $150
- Price of USD (2023): $200
- Indiana ID Card
- Price of USD (2022): $150
- Price of USD (2023): $200
- Montana ID Card
- Price of USD (2022): $150
- Price of USD (2023): $200
- Texas ID Card
- Price of USD (2022): $150
- Price of USD (2023): $200
- Louisiana ID Card
- Price of USD (2022): $150
- Price of USD (2023): $200
- Utah ID Card
- Price of USD (2022): $150
- Price of USD (2023): $200
- Maltese passport
- Price of USD (2022): $3,800
- Price of USD (2023): $4,000
- Fake Green card
- Price of USD (2022): $160
- Price of USD (2023): $450
- Latvian Identity Card (ID)
- Price of USD (2022): $160
- Price of USD (2023): $1,300
- EU Identity Card (ID)
- Price of USD (2022): $160
- Price of USD (2023): $1,700
- Romanian Driver's License
- Price USD (2022): –
- Price of USD (2023): $1,450
- EU Driving Licence
- Price USD (2022): –
- Price of USD (2023): $2,000
- French driver's License
- Price USD (2022): –
- Price of USD (2023): $1,500
- Identity card (ID) Poland
- Price USD (2022): –
- Price of USD (2023): $1,700
- Polish passport
- Price of USD (2022): $3,800
- Price of USD (2023): $3,000
- Dutch passport
- Price of USD (2022): $3,800
- Price of USD (2023): $3,000
- Lithuanian passport
- Price of USD (2022): $3,800
- Price of USD (2023): $3,000
- French passport
- Price of USD (2022): $3,800
- Price of USD (2023): $3,000
- EU passport
- Price of USD (2022): $3,800
- Price of USD (2023): $3,000
- Nevada ID
- Price of USD (2022): $160
- Price of USD (2023): $200
- New Jersey Driver's License
- Price of USD (2022): $160
- Price of USD (2023): $200
- Delaware ID Card
- Price of USD (2022): $150
- Price of USD (2023): $200
- US Driver's License
- Price of USD (2022): $150
- Price of USD (2023): $200
- Indiana ID Card
- Price of USD (2022): $150
- Price of USD (2023): $200
- Montana ID Card
- Price of USD (2022): $150
- Price of USD (2023): $200
- Texas ID Card
- Price of USD (2022): $150
- Price of USD (2023): $200
- Louisiana ID Card
- Price of USD (2022): $150
- Price of USD (2023): $200
- Utah ID Card
- Цена USD (2022): $150
- Цена USD (2023): $200
- Maltese passport
- Price of USD (2022): $3,800
- Price of USD (2023): $4,000
- Fake Green card
- Price of USD (2022): $160
- Price of USD (2023): $450
- Latvian Identity Card (ID)
- Price of USD (2022): $160
- Price of USD (2023): $1,300
- EU Identity Card (ID)
- Price of USD (2022): $160
- Price of USD (2023): $1,700
- Romanian Driver's License
- Price USD (2022): –
- Price of USD (2023): $1,450
- EU Driving Licence
- Price USD (2022): –
- Price of USD (2023): $2,000
- French driver's License
- Price USD (2022): –
- Price of USD (2023): $1,500
- Identity card (ID) Poland
- Price USD (2022): –
- Price of USD (2023): $1,700
A whole catalog of various forged documents:
Draining the database of e-mail addresses
Email address database dumps don't cost much because they are easy to find and not very reliable.Databases of e-mail addresses | Price USD (2023) |
Database of 10 million US e-mail addresses | $120 |
Database of 100 million US e-mail addresses | $200 |
Database of 5 million e-mail addresses in England | $110 |
Database of 1.2 million e-mail addresses of dentists in the United States | $200 |
Database of 600,000 New Zealand e-mail addresses | $110 |
Database of 2.4 million e-mail addresses in Canada | $100 |
Malicious Software
Installing malware can give hackers full access to the capabilities of the device that the buyer is interested in. Usually we are talking about Microsoft Windows or Android systems. The most likely scenario after a targeted installation of such software is theft of user information for the purpose of extortion.- Premium quality, 1000 installations
- Price of USD (2022): $5,500
- Price of USD (2023): $4,500
- Average quality, 70% of successful installations out of 1000 in the USA only
- Price USD (2022): $900
- Price of USD (2023): $700
- Android OS 1000 installations
- Price of USD (2022): $950
- Price of USD (2023): $650
- Europe fresh, high-quality per 1,000 installs
- USD Price (2022): $1,800
- Price of USD (2023): $1,600
- UK High quality, 1000 installations
- USD Price (2022): $1,800
- Price of USD (2023): $1,600
- USA High quality, 1000 installations
- Price of USD (2022): $1,700
- Price of USD (2023): $1,500
- Average quality, 70% of successful installations out of 1000.
- Price of USD (2022): $450
- Price USD (2023): $250
- USA, CA, UK, AU low quality, low speed, low successful downloads x 1000 installs
- USD Price (2022): $1,200
- Price of USD (2023): $1,100
- High quality, 1000 installations CA
- USD Price (2022): $1,200
- Price of USD (2023): $1,100
- USA, CA, UK, AU low quality, low speed, low successful downloads x 1000 installs
- Price of USD (2022): $800
- Price of USD (2023): $700
- Europe, aged, high-quality, per 1,000 installs
- Price of USD (2022): $1,100
- Price of USD (2023): $1,000
- Global, medium-quality, 70% success rate, per 1,000
- Price of USD (2022): $115
- Price USD (2023): $75
- Global, low quality, slow-speed, low success rate, per 1,000 installs
- Price of USD (2022): $45
- Price of USD (2023): $35
- Low quality, low speed, low success rate of downloads x 1000 installations Europe
- Price of USD (2022): $120
- Price of USD (2023): $110
DDoS attacks
Bringing the equipment to failure by overloading it with multiple connection requests – a DDoS attack-blocks the operation of the website. Although the information remains intact during a DDoS attack, fraudsters can use the situation to extort or hide other hacking activities.The DDoS attack services listed below differ in their purpose, number of access requests, quality, speed, and duration.
Please note that the duration of a DDoS attack can vary from seconds to days, and the results are often proportional to the price paid.
- Unprotected website, 10-50k requests per second, 1 month
- Price of USD (2022): $850
- Price of USD (2023): $750
- Unprotected website, 10-50k requests per second, 1 week
- Price of USD (2022): $450
- Price of USD (2023): $350
- Low quality, low speed, low success rate of downloads x 1000 Europe
- Price of USD (2022): $300
- Price of USD (2023): $200
- Premium secure site, 20-50k requests per second, using elite proxies, 24 hours
- Price of USD (2022): $200
- Price of USD (2023): $170
- Unprotected website, 10-50k requests per second, 24 hours
- Price of USD (2022): $45
- Price of USD (2023): $35
- Unprotected website, 10-50k requests per second, 1 hour
- Price of USD (2022): $10
- Price of USD (2023): $10
What about in Russia?
What you can order
On the Russian darknet, you can buy information from many sources, including state databases: the police, traffic police, tax service, medical institutions, bailiffs ' service, civil Registry office, pension fund, and even the FSB. You can find out the history of border crossings, data on purchased tickets, the number of seats on the plane, and travel around the capital. The query execution speed is very fast: you can get a lot of data within a day.Some well-known investigations in our country were conducted using such methods.
You can find offers with a cost of a couple of tens of thousands for a service, but for the same money you can order a complete dossier per person.
Perhaps the demand for collecting personal data, hacking social networks and breaking through coordinates in our country prevails (no such studies have been conducted, but we can assume this, judging by the number of offers and publications). But you can also order services similar to those presented in the foreign study. Bank accounts, database hacks, and forged documents are all present. Unless offers for ID are not widespread – our main identity card is still a passport.
Can we have a more effective fight of law enforcement agencies against fraudsters?
It doesn't look like it. In Russia, spot checks of government employees are carried out when it becomes known about the leakage of "significant" (probably for the state) personal data, but there is no evidence that this has reduced activity in the market.Price dynamics and demand leaders
We also conduct some comparisons of the personal data fraud market from year to year.For example, tadveiser points out that we have a growing demand for calculating people's location:
Russians have become more willing to use the services of" punching " subscribers by location: in the first six months of 2023, the number of requests for this service increased 1.5 times, to 35,160. Such data was provided by BI.ZONE in early July 2023.
According to the Director of the BI Security Analysis and Fraud Prevention Department.According to Evgeny Voloshin, the peak demand for such services in 2023 occurred in May: the number of requests was 26,317. From May 14 to May 28, an average of 1.5 thousand messages appeared daily on specialized forums, he said.
The same source indicates that the price of" breaking through " coordinates varies depending on the mobile operator of the desired subscriber (Beeline – from 12-15 tr, MTS, Megafon – about 24-40 TR) and grows from year to year. Forbs also indicates an increase in the price of data breakdown.
Bank cards are also sold from year to year and also grow in price, reaching 100 tr in 2023.
After the start of mobilization, the Russian darknet was replenished with offers that help avoid mobilization, and there are options for 50 tr, and for 1.2-1.5 million rubles.
Fake medical books (which were sold before, without the need to go to the darknet) can be considered specific and popular in Russia. You can also order a fake BTI plan. Full analogues abroad are difficult to find, since these documents are not universal, but where there is a document or certificate, there is an opportunity to forge it.
It can be concluded that "private services" for jealous husbands/wives, as well as services for those who want to avoid mobilization, are available in our country to almost anyone who has bothered to search the Internet well. At the same time, services that allow you to earn money on the received data (drop cards, account hacking, fake documents) require more significant investments. Industrial espionage may tend to fall into the cheaper or more expensive category, depending on the scale of the business and the complexity of the services.
How to protect yourself from identity theft
These are our updated recommendations from the Privacy Affairs study. They may seem boring and unnecessary to you until they post a photo of your passport on social networks on your behalf and ask you to urgently collect money for an account number that you never had, due to some accident that did not happen to you.Stay away from public or insecure Wi-Fi networks
Do not use public Wi-Fi unless absolutely necessary. If you have to use it, enable VPN. If a fraudster gets access to an unsecured network where you are located, then at the same time they will get access to your data.Pay close attention to ATMs
- Check ATMs for skimmers.
To check for skimmers at ATMs:
- Gently push down on the sides of the card slot.
- Pay attention to loose components, as skimmers are usually mounted neatly and can move with a light push.
- Check the edges for glue or tape.
- Cancel the transaction if you find it difficult to insert your card into the ATM. Let the bank know about the problem.
- Check your keyboard.
Do not post, write, or communicate anything unnecessary over the phone.
Just do not post, write in private messages or say out loud on the phone anything that you would not like to see freely available on the Internet or in the hands of scammers.Use 2 or more communication channels
If you really need to send your bank card data or any other sensitive information, send it in parts in unrelated channels, for example, in parts in various instant messengers.Use disappearing messages or delete them manually
If you have sent significant personal information, such as passport scans in Yandex. Mail, delete the message so that it is not accessed by a fraudster who may hack your email tomorrow and view all attachments. In some instant messengers, you can use disappearing messages for this purpose.Send files with a password or with access by mail
If you are sending an online document with personal information, do not be too lazy to set access for your favorite recipients, if possible. You've probably used Excel spreadsheets – have you ever set a password on them? Send it to the recipient, of course, not in the same message and not in the same channel where you drop the file, but in a different channel.Don't click on suspicious links
Be careful and even in familiar services do not rush in cases when you are going to make purchases or send personal data. In this regard, apps are safer than websites – it reduces the likelihood that you will click on a similar link and not notice that you actually got to a fraudulent resource. However, even in the app, you may be sent a fake link. The company Avito, which constantly fights against delivery fraud, explains this in detail in its blog.Install an antivirus program
Then set the refresh rate to "Automatic".Take passwords seriously
- use different passwords for all services
- create as complex passwords as possible with a minimum length of 11 characters
- use a password manager. Many of them are free. Your browser can also remember passwords for you.
Learn to recognize scammers
You can read recommendations on how to distinguish real fees from fake ones, such as the guide from Tinkoff. Many banking apps also have security instructions. Learn them yourself and tell them to your loved ones.What should I do?
The scale of personal data fraud is so large that it is impossible to guarantee protection from it, but you can reduce the likelihood of serious losses if you carefully follow the recommendations on cybersecurity. They do not require an understanding of technology, rather they are similar to hygiene in everyday life and order in personal belongings.Text: @EgorKotkin
