Here's what data for sale looks like on the Dark Web

Ethan Wolff-Mann
Senior Writer

Companies are getting hacked on a regular basis these days. Sometimes that data allegedly ends up in the hands of the Chinese military, like it did with the Equifax hack. Sometimes the data is used by the entity that carried out the hack, like a ransomware attacker. But often it ends up for sale on the Dark Web.

Read more: What to do if your credit card or other personal data is hacked

Many have heard of the Dark Web, a mysterious online marketplace invisible to Google’s search engines where people buy and sell drugs and fraudulent info and conduct other illegal affairs. But it’s often only passingly referred to, without examples of what it actually looks like. Because it’s unindexed by search engines and hidden, the Dark Web isn’t easy to access for most people.

Cybersecurity firm Sixgill, which found that stolen credit card info has skyrocketed on the Dark Web recently, shared images of the marketplace with Yahoo Finance, showing listings for tools that carry out scams on consumers and data dumps for sale.

Physical hacking tools and compromised data

Sixgill highlighted two devices for sale on the Dark Web, an EMV chip card skimmer and a skimming device to steal credit card information from a gas pump. The “all kind” fuel pump skimmer connects to the pump’s power and can “operate indefinitely,” the post brags.

A dark web post showing a credit card skimmer that can be installed at a gas station. (Sixgill)

Besides devices that skim people’s data, there’s a lot of data already hacked and ready for use. There’s a trove of data of “bank employees” from a Russian hacker, and a database for sale containing emails from “various staff” at one university.

This type of information is really useful because it can help facilitate future attacks, according to a Sixgill analyst who requested anonymity due to the nature of his work researching criminals and criminal activity. If a hacker can find out who a certain company’s leaders are, they can better target that leadership and get someone’s Gmail. Once the Gmail is breached, hackers can figure out what bank people use and then deploy automated scripts to test logins and gain access.

A listing for a trove of emails that were hacked from a university. (Sixgill)

Oftentimes, threat actors will use the Dark Web to find people to work with. In one post, someone is looking for a person with experience in “CEO fraud.” In another, an insider at a Spanish bank asks to be pinged on Telegram, a cloud-based instant messaging service.

Going after a CEO also has advantages, according to Sixgill, because an imitated email from the top means people will often click on it or respond quickly and reflexively.

A threat actor looks for someone to work with who has experience in CEO fraud. (Sixgill)

The Dark Web isn’t one place, but a wide array of regular websites and remote corners of legitimate platforms — Telegram, instant messaging service Tencent QQ, and Discord (a messaging site designed for the video game community). Some of it is like Amazon, but some of it is much more casual.

Legitimate sites like these often take immediate action against posts if they’re discovered or reported. Discord told Yahoo Finance a post like this would be immediately removed, citing community guidelines.

Telegram says in its FAQ that it actively combats ISIS and terrorism posts, but that chats and group chats are private and therefore requests to remove them will not be processed. However, there is an anti-scam reporting system in place, as well as an abuse email account. Telegram and QQ didn’t respond to questions from Yahoo Finance.

Sixgill’s platform identified a bunch of listings on a wide array of services. Here’s a post from Discord servers showing how payments happen and how more info is more valuable. For this post of a German credit card, the bank information adds $40 worth of value.

According to Sixgill, card info has a wide variety of values. Sometimes cards are $5 and sometimes they run into the hundreds, depending on the origin of the cards and whether they have CVV/CVV2 information — those security numbers on the back of the card — and ZIP codes.

“The idea is a threat actor can take that info and clone a card, creating actual plastic, where they’ll go in store to use it,” the Sixgill analyst said. “Then there is the other way: with CVV and CVV2 info where that’s used for online purchases. That creates another layer of anonymity for threat actors.”

A listing for a dump of credit card info. (Sixgill)

This post from a Telegram group highlights the fact that fresh cards are much more valuable, since people and banks will try to stop fraud quickly. Canadian and British cards are more valuable than American cards, because the limits are generally higher.

List prices for credit cards (Sixgill)

This is a post from QQ, a Chinese messaging app. It is selling CVV data for a few Chinese banks, but also banking trojan malware.

This listing has multiple items for sale. (Sixgill)

A recent Sixgill report noticed that Russian cards are “exceptionally underrepresented, despite Russian speakers’ prominent role in the underground community.” In fact some Russian threat actors specifically say the tools can’t be used in Russia. Sixgill said that is likely because law enforcement cares less if criminals target other countries.

Malware is sold sometimes with a "no Russia or CIS" clause. (Sixgill)

A big takeaway from the experts from Sixgill is that the Dark Web is changing. Non-traditional platforms have become a key part of trying to avoid law enforcement, which means that a year from now data dumps may look different or be on completely new platforms. This business is lucrative — and scammers are motivated.

Ethan Wolff-Mann is a writer at Yahoo Finance focusing on consumer issues, personal finance, retail, airlines, and more. Follow him on Twitter @ewolffmann.