It’s possible to dip your toe into online fraud for less than the price of a cheap takeaway coffee, according to new research into the illicit sale of hacking tools on the dark web. Among the cheapest items traded are fake pages and password hacking tools for a massive array of brands from Apple and Facebook to Tesco and Amazon, selling for around £2 or less.
We also discovered that for as little as around £100 you can buy an impressive set of hacking tools that would permit a cybercrime spree, from infecting people with malware to hacking WiFi networks, all with a view to stealing personal info to commit identity theft.
Other pocket-money hacking tools include keyloggers (£1.58 on average), WiFi hacking software (£2.29), Bluetooth hacking tools (£2.65) and even powerful malware for not much more than most people spend on their lunch (Remote Access Trojans, £8.47).
At the other end of the scale, we found powerful devices typically used by the police that spoof mobile phone towers and can intercept mobile phone data, with the highest bandwidth versions listing at over £38,000.
The alarmingly low barrier of entry to online fraud is lowered even further by the proliferation of hacking manuals typically selling for £8 or less or even thrown in for free as a sweetener with the sale of hacking tools.
Most of us have dozens of online accounts that can be hacked with the right tools and techniques. Our team of security experts reviewed tens of thousands of listings on five of the most popular dark web markets; Dream; Point; Wall Street Market; Berlusconi Market; and Empire. These encrypted websites, which can only be reached using the Tor browser, allow criminals to anonymously sell hacking tools, along with all sorts of other contraband, such as illicit drugs, stolen info and weapons.
We focused on listings featuring hacking software and hardware, digital files used in fraud, guides for online scams, and fraudulent accounts to create this edition of the Dark Web Market Price Index. We analysed each listing and calculated average sale prices for categories of items sold to help the UK public understand just how easy it is for a rookie fraudster to get started.
Dark Web Market Price Index – Hacking Tools (July 2018 – UK Edition)
|Item for Sale||Average Sale Price|
|Tools||Password Hacking Tool Custom Files||£1.57|
|WiFi Hacking Software||£2.29|
|Bluetooth Hacking Software||£2.65|
|FBI/NSA Hacking Tools||£4.62|
|Cryptocurrency Fraud Malware||£5.01|
|Remote Access Trojan||£8.47|
|Password Hacking Software||£38.61|
|Cryptocurrency Miner Malware||£58.47|
|Cell Tower Simulator Kit||£21,602.33|
|Postal System Stealth||£3.24|
Source: Dark web market listings collected over July 2-25 2018. Markets monitored were Dream, Point, Wall Street Market, Berlusconi Market and Empire Market. Prices collected in USD and converted to GBP using exchange rate at time of listing.
Sale Prices Explained
Password Hacking Tool Custom Files
Numerous password cracking programs are only a Google search away even on the normal web. Legitimately useful for improving server security by discovering weak passwords, they can also be used maliciously.
Requiring proper configuration for each target, enterprising hackers are selling files containing customised settings for pretty much any app or website you can think of, from email and social media to gaming and online shopping. Each one will typically set you back just £1.57. We collated a list of brands that we found with such files advertised but there’s many more appearing daily.
Simple yet effective software that captures every keystroke on your computer. It can be installed a number of ways, including remotely, and is used by scammers to grab login credentials and fraudulently access accounts. The average price on the dark web was just £1.58.
Phishing – or the fraudulent attempt to obtain personal information by pretending to be a trusted entity, such as a popular website or financial institution – is one of the most common ways cybercriminals steal not only logins but what credit card hackers call “fullz”, or the full package of identifying information that enables identity theft.
We found that ready-made phishing pages for the world’s most popular consumer brands proliferate on the dark web, driving the price down to a near-uniform £1.58. We noted that the only brands to cost more than this were Apple, more than double the price at £4.81, Netflix at £4.06 and Paypal at £1.68, suggesting the greater value of their customers to scammers.
WiFi Hacking Software
This type of software is intended for testing and improving the security of your wireless network by brute forcing passwords and sniffing the data being broadcast. It may be illegal to use it on a network without permission from its owner but that won’t stop hackers determined to steal your data.
It’s possible to access this type of software for free on the normal web, so dark web vendors sell cheaply (£2.29) and tend to offer bundles including additional resources and even customer support to tempt buyers.
Bluetooth Hacking Software
The Bluetooth hacking software we discovered had a very specific purpose: to hack smartphones and call premium numbers, racking up the cost on victims’ accounts. The average cost was £2.65.
Note, the more typical type of Bluetooth hacking tends to be done via hardware gadgets sold on the normal web.
FBI/NSA Hacking Tools
The series of leaks of US intelligence agency cybertools in recent years has put some extremely powerful hacking tools in the public domain and arguably led to an increase in cybercrime. Massive bundles of this professional grade software are being traded for the price of a pint (£4.62), despite notionally being worth thousands of dollars.
We discovered listings offering tools that could retrieve deleted texts from smartphones; bypass lockscreens; find passwords to encrypted backups; extract data from cloud services; decryption of items protected by BitLocker, TrueCrypt and other encryption services; retrieve passwords from numerous applications; and much more than that.
Cryptocurrency Fraud & Miner Malware
Cryptocurrency, such as Bitcoin or Monero, is very attractive to cybercriminals due to its potential for anonymous transactions and rocketing value. We found two types of malware relating to crypto: tools for either stealing it or creating it.
Malware, or malicious software, tends to be implanted on victims’ computers to cause mischief of some kind. The crypto fraud malware we found sells for £5.01 and promises to steal a target’s Bitcoin, currently trading at over £6,000 at the time of writing.
As there is no central bank issuing new notes, cryptocurrencies are instead created by “mining”, ie the performing of calculations required to verify transactions. Simply put, given that it becomes more difficult to successfully to do this as miners compete to complete the calculations, the more processing power you have, the more currency you can generate. One way to do this is to infect as many people as possible with mining malware and run the process in the background on multiple machines.
The malware we found was for Monero rather than Bitcoin as it’s less valuable – it was trading at £108 at the time of writing – and therefore easier to mine. Nevertheless, this malware commands an average of £58.47 on the dark web, and sometimes much more than that.
This is a catch-all category that includes other kinds of hacking tool not covered elsewhere in our index. It includes tools for checking credit card balances, phone passcode bypassers and a tool for hacking PCs via the Remote Desktop Protocol.
Remote Access Trojan
This particularly nasty strain of malware allows a hacker to take full control of your computer. Not only can they log all your keystrokes and access private files in order to commit identity theft and defraud you, but it’s unfortunately also common for voyeurs to use these so-called RATs for webcam spying.
We found several listings for the notorious and extremely powerful Blackshades RAT that’s believed to have infected over half a million devices. This trojan also allows hackers to include infected computers in a botnet. We also found RATs for use on the Android operating system. The average cost for these powerful tools was just £8.47.
Rookie hackers can pay to cover their tracks with a range of anonymity tools that trade for an average of £10.51. These include custom web browsers, such as the heavily modified version of Firefox dubbed FraudFox VM, and crypters, tools that disguise malware as benign files. We also found anonymous SMS and phonecall spoofers for use in scams, each costing less than £1.
We found a wide range of digital templates for bank statements, utilities, passports, pay stubs and driving licenses with detailed guides on how to use them effectively. The typical price for these files was £12.21, reflecting their value when used in combination with stolen information to open lines of credit.
When used with cheap and readily available hardware, this very powerful software allows con artists to clone credit and debit cards and changes hands for an average of £33.83. It sells for around £2,000 through official channels.
Password Hacking Software
We found a wide pricing spectrum for password crackers. The most expensive was
almost £600 for a program designed to crack accounts at a popular Canadian loyalty program that’s already been the subject of a high profile attack. More common were programs designed to brute force passwords for social media, with Facebook and Instagram heavily targeted, and more general account crackers promising access to Netflix, Spotify and Amazon among others, costing under £10.
Among the malware we found (costing £37.43 on average) were custom instances of ransomware that will lock up your computer, permanently encrypting its contents unless a ransom is paid. Vendors boasted that their malware was undetectable by antivirus and could be customized based on your own preferences. We also found the Blackhole exploit kit for sale, a method of spreading malware and once described as the most notorious malware of its kind.
A vital part of a successful scam will often be a secure destination for the ill-gotten gains, whether that be an unsuspicious account or a postal address with no connection to the fraudster. This is reflected in the relatively high cost of such items on the dark web at £110.59 on our index.
We found listings for Swiss Post accounts claiming to be fully verified and “not hacked – nobody knows about their existence, so you can use them securely”. We also found aged and verified Paypal business accounts and other similar accounts.
Cell Tower Simulation Kit
These kits may set you back up to £38,000 but they are incredibly powerful devices, known as IMSI-catchers or more colloquially as “stingrays” and typically used by police and intelligence services to secretly intercept mobile phone traffic. A hacker in possession of one of these can spoof a mobile phone tower sending out signals that force nearby devices to connect, identify themselves and send texts and calls through the fake tower. This dragnet scoops up an incredible amount of data for a hacker to take advantage of.
Thanks to the dark web, lack of knowledge or technical experience is no barrier to successfully committing cybercrimes. Not only are the tools available for pocket change but manuals to committing these deeds are also similarly cheap and easy to access.
As well as step-by-step guides on how to hack accounts or infect people with malware, we also discovered exploits for sale. These listings were sometimes very expensive (around £7,000 in one instance) and promised to share details of vulnerabilities that would net the buyer many thousands of pounds profit.
Other more disturbing guides advertised methods for targeting the young userbase of popular video game Minecraft for infection with the remote access trojans discussed above.
We selected the following suite of tools that would allow a wannabe hacker to commit online fraud in the most common ways while also avoiding detection in order to determine the financial barrier of entry to this type of cybercrime. The total average cost was £101.19.
|Item||Average Sale Price|
|Cryptocurrency Fraud Malware||£5.01|
|Remote Access Trojan||£8.47|
|WiFi Hacking Software||£2.29|
We found phishing pages and password hacking tool custom files on sale for over 60 major apps and websites. For around £2 or less, these items are designed to not only give scammers to those particular accounts but also get enough of a foothold into your personal data to commit identity theft. Once a hacker has pieced together enough of your personal info, they can open lines of credit in your name and cause you major problems that can be life-altering and very time-consuming to resolve.
These are some of the biggest brands we found, for the full list see our dark web market brands data set.
|Brand||Average Sale Price|
Protect Your Login Credentials
Look Up Stolen Data from Known Breaches
Use the Have I Been Pwned website to see if your passwords have been stolen. If they come up in the search results, you need to change them right now.
Use a Virtual Private Network
This is software that masks your IP address, and further encrypts your web connections. The best VPN services safeguard your security, especially on free WiFi networks. We recently reviewed NordVPN once more, and it’s now optimized to protect your online security.
Use a Password Manager
As we mentioned above, Keyloggers steal your usernames and passwords as you type them in. By using a password manager, which generates secure passwords and saves your login information in a secure app, you don’t have to type in passwords anymore. Instead, you can autofill your sign-in data into any login form, which Keyloggers can’t record.
Delete Accounts You Don’t Use
Delete old accounts and inactive permanently. The information they hold can still be used for identity theft, if a hacker obtains it. And if you’ve used the same password elsewhere, other more important accounts could be at risk.
Enable Two-factor Authentication (2FA)
2FA is built to reduce the risk of online accounts being hacked. When enabled, a website or app will require you to confirm a login attempt, by asking you for a unique six-digit passcode sent to you via SMS, or through an authenticator app (our recommended method).
Our team reviewed all fraud-related listings on five of the largest dark web markets, Dream, Point, Wall Street Market, Berlusconi Market and Empire Market over 2-25 July, 2018. Relevant listings were collated and categorised in order to calculate average sale prices. Prices were collected in USD and converted to GBP using the exchange rate at the time of listing ($1.31 rate). Dark Web Market Price Index: Hacking Tools (July 2018)
Refer to the main edition of Dark Web Market Price Index for stolen consumer data pricing.
 https://www.npr.org/2017/10/05/555922305/report-hackers-stole-nsa-cybertools-in-another-breach-via-another-contractor ↩
 http://www.itpro.co.uk/digital-currency/30249/what-is-cryptocurrency-mining ↩
 https://en.wikipedia.org/wiki/Blackshades ↩
 https://www.pcworld.com/article/2872372/this-tool-may-make-it-easier-for-thieves-to-empty-bank-accounts.html ↩
 https://www.cbc.ca/news/business/pc-optimum-account-hack-points-rewards-1.4586135 ↩
 https://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-2/ ↩
 https://en.wikipedia.org/wiki/IMSI-catcher ↩