Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Internet usability drives rate card variance for stolen credentials

Imperva : 04 February, 2010  (Technical Article)
Research from Imperva throws light on the pricing variation seen for stolen data depending on the services accessible on the internet that are available as a result of that data
The rapid evolution of Web 2.0 services and the parallel world of cybercrime is driving a revolution in the price that criminals charge each other for user credentials, says Imperva, the data security specialist.

The price of a file of user credentials - known as a `dump' in hacking circles - depends greatly on the Internet service(s) where they can be used, says Amichai Shulman, the firm's chief technology officer.

'Just five years ago, the illegal trade in credit card details was a rising problem for the financial services industry, as well as their customers, with platinum and corporate cards being highly prized by the fraudsters,' he said.

'Today, however, there are reports of Twitter credentials changing hands for up to $1,000 owing to the revenue generation that is possible from a Web 2.0 services account. This confirms our observations that credentials can fetch a high sum according to both the popularity of the application, and the `popularity' of the account in question,' he added.

This is clearly illustrated by the `going rate' of $1.50 for a Hotmail account, and $80.00-plus for a Gmail account. As a service, Hotmail has fallen out of favour of serious Internet users, while Gmail's all-round flexibility means it is central service for business users, he went on to say.

According to the Imperva CTO, this means that Gmail credentials can also give access to a range of Google cloud services, including Google Docs and Adword accounts.

Google Docs, he explained, can contain valuable additional information on the legitimate owner, while an Adwords account can allow criminals to manipulate existing and trusted search engine results.

And it's a similar story with Twitter accounts, but with the added dimension of the immediacy of a rapid-fire social networking connection, said Shulman.

This, he went on to say, is almost certainly the reason why some newswires were reporting earlier this week that Twitter had blocked the accounts of some users whilst they changed their passwords.

'Twitter accounts are valuable to criminals that they will use almost any technique to harvest user credentials, including targeted phishing attacks. Once a fraudster gains access to a Twitter account, they can misuse it in a variety of ways to further their fraudulent activities,' he said.

'If this isn't a wake-up call to anyone with multiple IDs that use the same password, I don't know what is. Internet users - especially those with business accounts - need to use different passwords for different services, or they could face the disastrous consequences of taking a slack approach to their credentials,' he added.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo