How do hackers start
How do hackers monetize stolen data?
Cyber criminals go to great lengths to steal your data. But what exactly do you do with the information once you have it in your fingers?
In most cases, data theft is due to money. After the crooks have stolen your information, they can turn it into profit through shady channels, for example by taking out loans or making purchases on your behalf, demanding a ransom for the surrender of your data or selling it to the highest bidder on the Darknet.
In this post, we'll tell you how hackers steal your data and turn it into money - and how much it's worth on the black market.
How do hackers steal your data?
There are countless ways that criminals can get your information. The following list is therefore not exhaustive, but gives you a good overview of the most common methods:
There are many types of malware that can be used to steal personal information, such as keyloggers, infostealers, and banking malware.
Most types focus on login data, credit card information, data for automatic completion in the browser or wallets (i.e. electronic purses) for cryptocurrency. Some, such as the infamous Vega Stealer, sniff out certain file types, such as PDF, Word, Excel or text files, and exfiltrate (unauthorized data transfer) them to an external tax server.
Malware is typically spread through malicious email attachments, malvertising, drive-by downloads, and pirated software. You can protect your system from malware using a proven antivirus solution like Emsisoft Anti-Malware.
Phishing is a technically simple form of so-called social engineering (i.e. the manipulation of users) in which cyber criminals try to obtain confidential information such as login details, credit card information and personal data.
In a typical phishing scam, attackers pose as a trustworthy company such as Microsoft, Amazon, or Netflix and claim that there is a problem with your account. The message will ask you to click a link to resolve the problem by confirming your password or entering your credit card information. This data is then forwarded directly to the hackers, who can then use it to access your accounts and the data stored in them.
Phishing attacks usually take place via email, but social networks, text messages, and calls are also common attack vectors.
3. Weak passwords
Hackers can also steal your data by cracking your online account passwords. There are also various techniques for doing this:
- Stolen passwords: When a large service provider has been hacked, millions of passwords are often revealed, which are then sold or posted publicly on the Internet. Since many users use the same password for multiple accounts, attackers can use the credentials published in this way to access other accounts of the respective user. You can check whether one of your accounts has been affected by such a vulnerability by entering the relevant email address on Have I Been Pwned.
- Brute force attacks: Hackers use special tools to enter every possible combination of characters into a password field until the correct password is guessed. The shorter and simpler the password, the faster it can be cracked with a brute force attack.
- Keylogger: Using data-stealing malware such as keyloggers, attackers can record the keystrokes on your keyboard and thus also spy on your passwords and other information.
- Phishing: Hackers also use social engineering to try to extract usernames and passwords from you. Phishing attacks can be very persuasive and can come from a trusted account that has been compromised, for example.
- Post exploitation tools: Some tools are designed to extract passwords and other sensitive information from systems that have already been compromised. If your system has been compromised by malware, for example, an attacker can use a tool like Mimikatz to view and steal the login data stored on the system.
You can find more information and tips on how to do this in our blog article on securely managing passwords.
4. Unsecured connections
Attackers can also steal your data by spying on unsecured connections such as public WiFi networks. Public WiFi is often unsecured and unencrypted, exposing users to a variety of attacks such as:
- Man-in-the-middle attacks: Attackers intercept your data by placing themselves between your device and the public WLAN. This gives them access to all data (including your passwords and financial information) that is exchanged between you and the websites you visit, as long as you are connected via this WiFi network.
- Honey pot hotspot: Attackers set up a WiFi access point that resembles a legitimate hotspot, allowing them to eavesdrop on network traffic. These honeydew hotspots are also popular to use to spread malware or redirect you to malicious websites.
This is how hackers monetize stolen data
As soon as the hackers have your data in their fingers, they will first go through it. You search your data for valuable information, such as registration data, financial information, names, telephone numbers, addresses or insurance numbers, and organize them in a database. Once the data has been sorted, there are many options for the hackers to monetize it.
Use for own purposes
In some cases, the hackers misuse the stolen data to make purchases or commit fraud. Although this is rather rare, as it attracts the attention of the authorities faster than selling large amounts of data anonymously online, it does happen every now and then.
With your data, attackers can:
- shopping online
- Withdraw money from your bank account
- Apply for loans
- Have credit cards issued
- Commit insurance fraud
- Pay off your own debts
- Ask for money from your contacts through your accounts (email or social media)
Selling your credentials
Usernames and passwords are often sold in bulk over the darknet. These buyers can then use their login credentials to transfer money from their account, shop online or use payment services.
According to a Symantec report on the shadow economy, your account information is typically worth this:
- Gaming Platform Accounts: $ 0.50-12.00
- Video and Music Streaming Service Accounts: $ 0.10-2.00
- Cloud Service Accounts: $ 5–10.00
- Online banking accounts: 0.5–10% of the account value
Selling personal data on the black market
Hackers sell personal data via the darknet on the black market. This data is also typically sold in bulk. The more up-to-date the data, the more money it brings in.
This is how much your data is worth:
- Name, Social Security Number, and Date of Birth: $ 0.10–1.50
- Medical records and prescriptions: $ 15.00-20.00
- ID / passport scans or templates: USD 1.00–35.00
- Mobile phone online access: USD 15.00–25.00 [nbps]
- Full personal information (name, address, phone number, social security number, email address, bank account): USD 30.00–100.00
- While that doesn't sound like a lot of money, it adds up when the data is often sold in massive quantities. Attackers who were able to successfully hack a large company can gain access to the data of millions of users, which makes good profits when sold in a package. In 2019, the hackers behind the Canva data breach on the Darknet offered the data of 932 million users for sale, which they had stolen from 44 companies.
Sell your credit card information
Attackers typically sell credit card information in packages of hundreds or even thousands of stolen credit cards. The data is often bought by so-called "carders" (as the fraudsters are called) in order to cover up their machinations by buying gift cards with the stolen data and then using these to buy the actual goods. They then sell these via the Darknet and legitimate channels such as eBay.
How much is your credit card information worth?
- Single credit card: $ 0.50-20.00
- Single credit card with all data: USD 1.00–45.00
Request ransom for your data
Some types of ransomware have a data exfiltration feature that allows hackers not only to encrypt data, but also to steal data through various channels (e.g. FTP, HTTP, HTTPS, SSL / TLS).
Attackers can then use the stolen data to blackmail you into paying the ransom, which averages a staggering 84,000 USD. Or they sell your personal data as additional income on the black market.
Sale of valuable intellectual property
It's also not uncommon for hackers to attack large companies and then sell the stolen data to companies in developing countries. These are well thought-out and state-subsidized attacks that are extremely lucrative for both the attacker and the commissioning country. It is estimated that China's intellectual property theft costs the US economy $ 50 billion a year.
Consequences of data theft for victims
Data theft can have serious consequences for victims. In the short term, the time-consuming procedure is necessary to protect the affected accounts again, to revoke fraudulent purchases and to replace stolen credit cards.
This is annoying, but it doesn't necessarily have drastic effects. In addition, however, it can also have long-term consequences.
For example, if your data has been used for scams, it could affect your creditworthiness. Such damage is very difficult to reverse and can prevent you from taking out a loan in the future (e.g. to buy or rent a property). In addition, using your work accounts to carry out malware or phishing attacks could damage your career, result in business losses, or result in disciplinary action from your manager.
The motive for data theft is usually money. There are many ways for cyber criminals to gain access to your data, such as malware, phishing, cracked passwords or man-in-the-middle attacks. As soon as they get their hands on your data, they can use it to commit scams or sell them via the darknet.
Translation: Doreen Schäfer
- Was anyone afraid of the food?
- What are your favorite websites
- Book recommendations 5
- How does the proof by induction work?
- What kind of camels do Arabs buy
- What is the chemical name for silicone
- How do you reduce stress at work
- How long has Mao Zedong been dead
- Doctors can check themselves
- Can I take cooking classes online?
- Who best explains the Pareto principle?
- How did you get to know your horse
- Is horse racing a real sport
- What are the best books on intellectualism
- I didn't choose in NICMAR
- How do you say elephant in Turkish
- What is an illusion of the mind
- Why did the daemonization fail
- What is a jury subpoena
- Is it normal to have frequent sex?
- What do you think of ring lights
- How do cats distinguish men from women
- What do you mix eggs with
- Which companies are Fair Trade certified