If there is something that this 2016 will be remembered for in terms of cybersecurity, it is for the series of mega-leaks resulting from the massive hacks some of the most important services of the network. LinkedIn, Tumblr, MySpace, Vkontakte or Yahoo are just some of the services that have been compromised, and billions of passwords have been leaked as a result.
One of the common points that practically all these leaks have had is that the data has been sold through the Darknet, deep in the deep web. Specifically, the data has been sold in hidden markets, a kind of ebays to sell all kinds of content. But how easy is it to find where to buy stolen passwords?
With the aim of answering this question, I have taken a walk through the Darknet in search of the pages in which this type of content is sold, not so much to prove its existence as to see how easy it is for a casual visitor to find them. For this I have pulled our survival kit, I have downloaded Tor Browser and I have started browsing.
But before going into detail I would like to make one thing clear. It is possible that reading this article, some of you may come to the wrong conclusion that the Darknet, mistakenly called the Deep Web on many occasions, is just a place of perversion and stolen content. This it doesn’t necessarily have to be this way, and all you have to do is take a look at our 47-page .onion index to visit the nice side of the Deep Web.
7 TRICKS to get the most out of NETFLIX
It’s easy when you know what to look for
Some of the most important markets for this Darknet task, those that have been involved in some of the most important news in recent months, are undoubtedly the easiest to find because we know their names. That is why I have decided to start there. For example, in this news published by Gizmodo about the sale of Uber accounts, there is a capture of a store called Alphabay Market.
Therefore, I looked for that name in the same DuckDuckGo search engine implemented by Tor Browser, and the first link that appeared in the results It takes me straight to a sort of index called Deep Dot Web, where they seem to list all kinds of Darknet pages with a description and their .onion link.
Following the onion address of Alphabay on this page I get to a log-in screen where I access a simple form to register, and when I do bingo, I find a forum-type website where I just have to put words like “accounts” in the search engine to be able to buy accounts of different payment services, most of them porn.
In other leaks we ourselves have put captures of another popular flea market called TheRealDeal. I have done the same, and in the Tor Browser search engine I have searched for “therealdeal market”, leaving the Deep Dot Web page again as the first result. Curiously, the URL that they give us from their profile on this page (which is the same one that we have ever linked to) doesn’t seem to work, a sign that it has either closed or has changed direction.
In any case, having come to the same site twice, I decide to look a little more at this kind of index of Darknet markets. And without having to search for anything, in your visible “Must Read” section of featured articles, I first see an updated list with dozens of markets of this type.
Therefore, if you have a starting point, the name of a website to search for, it is extremely simple being able to find several stores in which to buy the stolen account passwords. The only steps you have to take is to use the Tor Browser search engine and register in the stores you want to enter. This last step is always easy because they do not usually ask you for too confidential information to do it.
But since not everyone is up to date with this type of activity and does not know the most popular stores, I also wanted to test if it is easy to find this type of online store without having a point or a name to start from. In this other test my first stop is that of so many others who are beginning to explore the depths of the web for the first time: The Hidden Wiki.
This is a huge index with links to some interesting pages on the Darknet. I don’t go to the .org that Google takes us to, but rather I search Tor Browser to find its .onion address. This is even bigger, and finding relevant information is a bit more complicated. Also, although there is a section for street markets, most of them are almost exclusively dedicated to drugs, so what I’m looking for is useless.
Still, fifteen or twenty minutes after I start exploring your links, I find a very interesting one. It’s in the Spanish links section, it’s called Hidden Answers And it is kind of Yahoo Answers from the Darknet. It also has an English version called Hidden Answers with even more participation.
After a few minutes looking for different combinations of words I search “accounts” or “dark market” and bingo, among the questions that used the term I find one in whose answers appear two links of interest. One is to the same “Alphabay” store that we have talked about before and that we already know sells stolen accounts, and the other is to another alternative that I did not know called HANSA Market.
This last store, unlike almost the majority, does not require registration to browse its content. I search for “MySpace” and immediately the sale of a database with 358,676,097 of entries with usernames and passwords. It costs just $ 600, so each account is worth negligible.
Therefore, in summary you could say that in half an hour or an hour at the most Anyone can enter the Darknet and find a store that sells millions of accounts stolen through massive hacks. To avoid fraud in these sales, online markets implement a voting system to rate sellers, so you can even measure the risks when buying this type of data.
How much is your password worth?
According to a study carried out by Hot Commodity based on the price of the leaks, on average each email account sells for 0.7 or 1.2 dollars, those of Amazon between 0.7 and 6 dollars, porn services, Netflix and Uber for a dollar or two, and the bills Paypal between 1 and 80 dollars according to the amount of money they have.
This means that something that can cause us as much annoyance as having an account stolen when it comes to being sold on the black market in the depths of the network has almost zero value. I wanted to verify that this is indeed so, and sadly it seems to be true, and the prices are very low.
The accounts of porn pages like Brazzers I found them for $ 0.99 In the net. For exactly the same reason I have managed to find a Netflix account, and for a price of starting at $ 1.49 I have found Spotify accounts. And what is more surprising, a pack with accounts for Netflix, Hulu Plus and Spotify is priced at just $ 4.99.
At the moment in which I have done the search I have not found Gmail accounts, but Amazon accounts I have seen for 4 and 15 dollars, and Paypal from 5 dollars the most basic to others stolen in Poland that for 30 dollars include 600 PLN, which is about 138 euros to change.
And of course, if you don’t want to depend on whether or not there are accounts available, you can also steal them yourself. That’s why they are sold guides to hack Paypal for 5 dollars, or services with which, in exchange for 2 dollars, a cracker hacks the account you want.
As we have seen, I have been able to verify that accessing the pages in which the stolen accounts are sold in megafiltracioens is easy, and also that the price of each individual account is very low considering the problem of being stolen from us. Therefore, to avoid fright it doesn’t hurt to stay informed about leaks and pull pages and apps like Have I Been Hacked? or Hacked to see if any of our accounts are exposed.
In Genbeta | Have I been hacked? With this Spanish page you will be able to know if your email has been hacked