(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
Researchers at Eindhoven University of Technology in Netherlands have found evidence of a sophisticated Russian online black market that trades user profiles, allowing criminals to access valuable information, including credit card details.
The marketplace offers over 2.5 lakh highly detailed user profiles, including email addresses and passwords, the team said in a study titled ‘Impersonation-as-a-service: Characterising the Emerging Criminal Infrastructure for User Impersonation at Scale’.
The uniqueness of this underground website is not only its scale, but also the fact that all the profiles are continually updated, the team said.
Additionally, attackers can search the database to select an internet user they want to target, enabling highly dangerous spear phishing attacks. They can also download software that automatically loads the purchased user profiles in targeted websites.
The team coined the term ‘impersonation-as-a-service’ to define the systematic nature of the service. It is the largest and most sophisticated criminal marketplace to offer these services, they said.
Also read | Russian hackers targeting state, local networks, says U.S.
To gain access to the market, the researchers had to engage in data harvesting by way of special invite codes shared by existing users. This was difficult as the platform operators actively monitors ‘rogue’ accounts.
The team did not disclose the name of the marketplace to avoid retaliatory actions from the market operators.
The price of a user’s identity on the marketplace ranges from $1 to $100. Access to cryptocurrency profiles and webmoney platforms are most valued.