Darknet Market Price Index: Hacking Tools

This new edition of the Darknet Market Price Index investigates the illicit sale of hacking tools on the dark web. We found that it’s possible to dip your toe into online fraud for less than the price of a coffee.

Among the cheapest items traded are fake pages and password hacking tools for a massive array of brands from Apple and Facebook to Walmart and Amazon, selling for around $2.

For more details on the websites and apps affected see the brands section of our findings, where we have pulled out both US and UK brands of interest.

See all Darknet Market Price Index reports from 2018 to date

We also discovered that for as little as around $125 you can buy an impressive set of hacking tools that would permit a cybercrime spree, from infecting people with malware to hacking WiFi networks, all with a view to stealing personal data to commit identity theft.

Other pocket-change hacking tools include keyloggers ($2.07 on average), WiFi hacking software ($3), Bluetooth hacking tools ($3.48) and even powerful malware for not much more than most people spend on their lunch (Remote Access Trojans, $9.74).

At the other end of the scale, we found powerful hardware typically used by the police that spoof cell towers and can intercept cell data, with the highest bandwidth versions listing at $50,000.

The alarmingly low barrier of entry to online fraud is lowered even further by the proliferation of hacking manuals typically selling for $9 or less or even thrown in for free as a sweetener with the sale of hacking tools.

Most of us have dozens of online accounts that can be hacked with the right tools and techniques. Our team of cybersecurity experts reviewed tens of thousands of listings on five of the most popular darknet markets: Dream; Point; Wall Street Market; Berlusconi Market; and Empire.

These encrypted websites, which can only be reached using the Tor browser for additional privacy, allow criminals to anonymously sell hacking tools, along with all sorts of other contraband, such as illicit drugs, stolen personal data and weapons.

We focused on listings featuring hacking software and hardware, digital files used in fraud, digital guides for online scams, and fraudulent accounts to create this edition of the Darknet Market Price Index.

We analyzed each listing and calculated average sale prices for categories of items sold to help the public understand just how easy it is for a rookie cybercriminal to get started stealing their personal data.

Password Hacking Tool Custom Files

Numerous password cracking software tools are only a Google search away even on the normal web. Legitimately useful for improving server security by discovering weak passwords, they can also be used maliciously.

Requiring proper configuration for each target, enterprising hackers are selling files containing customized settings for pretty much any app or website you can think of, from email and social media to gaming and online shopping. Each one will typically set you back just $1.96. We collated a list of brands that we found with such files advertised but there’s many more appearing daily.

Keylogger

Simple yet effective software that captures every keystroke on your computer. Keyloggers can be installed a number of ways, including remotely, and are used by scammers to grab login credentials and fraudulently access online accounts. The average price on the dark web for keylogger software was just $2.07.

Phishing Pages

Phishing involves fraudulently attempting to obtain personal information by pretending to be a trusted entity, such as a popular website or financial institution.

Phishing has long been one of the most common ways cybercriminals steal both online account credentials and what’s known as “fullz”, or the full package of identifying information that enables identity theft.

We found that ready-made phishing pages for the world’s most popular consumer brands proliferate on the dark web, driving the price down to a near-uniform $2.07. We noted that the only brands to cost more than this were Apple, more than double the price at $5.11 and Netflix at $3.54 suggesting the greater value of their customers to scammers.

WiFi Hacking Software

This software is intended for testing and improving the security of your wireless network by brute forcing passwords and sniffing the data being broadcast. It may be illegal to use it on a network without permission from its owner but that won’t stop hackers determined to steal your data.

It’s possible to access such software for free on the normal web, so dark web vendors sell cheaply ($3) and tend to offer bundles including additional resources and even customer support to tempt buyers.

Bluetooth Hacking Software

The Bluetooth hacking software we discovered had a very specific purpose: to hack smartphones and call premium numbers, racking up the cost on victims’ accounts. The average cost was $3.48.

Note, the more typical type of Bluetooth hacking tends to be done via hardware gadgets sold on the clear web.

FBI/NSA Hacking Tools

The series of leaks of U.S. intelligence agency cybertools in recent years^[1] has put some extremely powerful hacking tools in the public domain and arguably led to an increase in cybercrime. Massive bundles of this professional-grade software are being traded for the price of a beer ($5.64), despite notionally being worth thousands of dollars.

We discovered listings offering tools that among other things could:

• Retrieve deleted texts from smartphones
• Bypass lockscreens
• Find passwords to encrypted backups
• Extract data from cloud services
• Decrypt items protected by BitLocker, TrueCrypt and other encryption services
• Retrieve passwords from numerous applications

Cryptocurrency Fraud & Miner Malware

Cryptocurrency, such as Bitcoin or Monero, is very attractive to cybercriminals due to its potential for anonymous transactions and rocketing value. We found two types of malware relating to crypto: tools for either stealing it or creating it.

Malware, or malicious software, tends to be implanted on victims’ computers to cause mischief of some kind. The crypto fraud malware we found sells for $6.07 and promises to steal a target’s Bitcoin, currently trading at over $7,800 at the time of writing.

As there is no central bank issuing new notes, cryptocurrencies are instead created by “mining”, ie the performing of calculations required to verify transactions.^[2]

It becomes exponentially more difficult to do this as miners compete to complete the calculations, so the more processing power you have, the more currency you can generate. One way to cheaply scale up processing power is to infect as many people as possible with mining malware and run the process in the background on multiple machines.

The malware we found was for Monero rather than Bitcoin as it’s less valuable – it was trading at $141 at the time of writing – and therefore easier to mine. Nevertheless, this malware commands an average of $73.74 on the dark web, and sometimes much more than that.

Hacking Software

This is a catch-all category that includes other kinds of hacking software not covered elsewhere in our index. It includes tools for checking credit card balances, phone passcode bypassers and a tool for hacking PCs via RDP (Remote Desktop Protocol).

Remote Access Trojan

This particularly nasty strain of malware allows a hacker to take full control of your computer. Not only can the hacker log all your keystrokes and access private files in order to commit identity theft and defraud you, but it’s unfortunately also common for voyeurs to use these so-called RATs for webcam spying.

We found several listings for the notorious and extremely powerful Blackshades RAT ^[3] that’s believed to have infected over half a million devices. This trojan also allows hackers to include infected computers in a botnet. We also found RATs for use on the Android operating system. The average cost for these powerful tools was just $9.74.

Anonymity Tools

Rookie hackers can pay to cover their tracks with a range of anonymity software tools that trade for an average of $13.19. These include custom web browsers, such as the heavily modified version of Firefox dubbed FraudFox VM,^[4] and crypters, tools that disguise malware as benign files. We also found anonymous SMS and phonecall spoofers for use in scams, each costing less than $1.

Forgery Templates

We found a wide range of digital templates for bank statements, utilities, passports, pay stubs and driving licenses with detailed guides on how to use them effectively. The typical price for these digital files was $13.97, reflecting their value when used in combination with stolen personal data to open lines of credit.

Carding Software

When used with cheap and readily available hardware, this very powerful software allows con artists to clone credit and debit cards and changes hands for an average of $44.37. It sells for over $2,600 through official channels.

Password Hacking Software

We found a wide pricing spectrum for password cracking software. The most expensive was over $750 for a computer program designed to crack accounts at a popular Canadian loyalty program that’s already been the subject of a high-profile attack.^[5] More common were programs designed to brute force passwords for social media, with Facebook and Instagram heavily targeted, and more general account crackers promising access to Netflix, Spotify and Amazon among others, costing well under $10.

Malware

Among the malware we found (costing $45 on average) were custom instances of ransomware that will lock up your computer, permanently encrypting its contents unless a ransom is paid. Vendors boasted that their malware was undetectable by antivirus and could be customized based on your own preferences. We also found the Blackhole exploit kit for sale, a method of spreading malware and once described as the most notorious malware of its kind.^[6]

Fraudulent Accounts

A vital part of a successful cyber scam will often be a secure destination for the ill-gotten gains, whether that be an unsuspicious online payment account or a postal address with no connection to the fraudster. This is reflected in the relatively high cost of such items on the dark web at $145 on our index.

We found listings for Swiss Post accounts claiming to be fully verified and “not hacked – nobody knows about their existence, so you can use them securely”. We also found aged and verified Paypal business accounts and other similar accounts.

Cell Tower Simulation Kit

These kits may set you back up to $50,000 but they are incredibly powerful devices, known as IMSI-catchers or more colloquially as “stingrays”.^[7] They are typically used by police and intelligence services to secretly intercept mobile phone traffic.

A hacker with a stingray could spoof a mobile phone tower sending out signals that forced nearby devices to connect, identify themselves and send texts and calls through the fake tower. This kind of dragnet would scoop up an incredible amount of data for a hacker to take advantage of.

Guides

Thanks to the dark web, lack of knowledge or technical experience is no barrier to successfully committing cybercrimes. Not only are the hacking tools themselves available for pocket change but manuals to committing these deeds are also similarly cheap and easy to access.

As well as step-by-step guides on how to hack accounts or infect people with malware, we also discovered exploits for sale. These listings were sometimes very expensive (over $9,000 in one instance) and promised to share details of vulnerabilities that would net the buyer many thousands of dollars profit.

Other more disturbing guides advertised methods for targeting the young userbase of popular video game Minecraft for infection with the remote access trojans discussed above.

Our team reviewed all fraud-related listings on five of the largest darknet markets, Dream, Point, Wall Street Market, Berlusconi Market and Empire Market over 2-25 July, 2018. Relevant listings were collated and categorized in order to calculate average sale prices. Prices were collected in USD and converted to GBP using the exchange rate at the time of listing ($1.31 rate).

Darknet Market Price Index: Hacking Tools

^{[1] https://www.npr.org/2017/10/05/555922305/report-hackers-stole-nsa-cybertools-in-another-breach-via-another-contractor ↩}

^{[2] http://www.itpro.co.uk/digital-currency/30249/what-is-cryptocurrency-mining ↩}

^{[3] https://www.washingtonpost.com/news/morning-mix/wp/2014/05/20/5-scary-things-about-blackshades-malware/ ↩}

^{[4] https://www.pcworld.com/article/2872372/this-tool-may-make-it-easier-for-thieves-to-empty-bank-accounts.html ↩}

^{[5] https://www.cbc.ca/news/business/pc-optimum-account-hack-points-rewards-1.4586135 ↩}

^{[6] https://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-2/ ↩}

^{[7] https://www.eff.org/pages/cell-site-simulatorsimsi-catchers ↩}