Cellebrite Physical Analyzer no longer fully available for iPhones following Signal blog post
The Cellebrite Physical Analyzer – the most intrusive phone-cracking tool offered by the company – no longer fully supports iPhones, according to a document shared with us. The company has ceased offering this deep dive into data stored on iPhones following the discovery and exploitation of a vulnerability by secure messaging app Signal.
Signal discovered multiple security vulnerabilities in Cellebrite’s software, and was able to find a way to booby-trap iPhones to corrupt the results of a scan using Physical Analyzer …
💡Background
Cellebrite offers hardware and software designed to allow users to break into smartphones, and extract data from them. The company’s products are used by law enforcement agencies around the world, including those in some unsavory nation states likely to be using them to crack down on political dissidents.
Signal managed to get its hands on the software suite, including the Physical Analyzer module, which offers the deepest dive into the data stored on a smartphone. The messaging company carried out its own analysis of the software, finding a surprising number of security vulnerabilities.
It was able to exploit one of these to allow any iPhone to corrupt the data on any machine running the software. This would not only render useless the scan of the connected iPhone, but also corrupt the results of both past and future scans using the same machine.
All that was required, Signal said in a blog post, was to place a carefully crafted file onto the device. The post said that the company was now doing this for all Signal users. Indeed, even some non-Signal users chose to install the app simply to get this protection.
https://9to5mac.com/2021/04/27/cellebrite-physical-analyzer-iphone/
#cellebrite #physical #analyzer #iphone #hack #signal
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Hack Across America - USB drop attack in the Death Valley
This time on Hack Across America, we don't go to Death Valley for a very special USB drop attack and your Q&A!
https://www.youtube.com/watch?v=tvRRR71HZ60
#hak5 #usb #drop #attack #video
DigitalOcean says customer billing data ‘exposed’ by a security flaw
DigitalOcean has emailed customers warning of a data breach involving customers’ billing data, TechCrunch has learned.
The cloud infrastructure giant told customers in an email on Wednesday, obtained by TechCrunch, that it has “confirmed an unauthorized exposure of details associated with the billing profile on your DigitalOcean account.” The company said the person “gained access to some of your billing account details through a flaw that has been fixed” over a two-week window between April 9 and April 22.
The email said customer billing names and addresses were accessed, as well as the last four digits of the payment card, its expiry date, and the name of the card-issuing bank. The company said that customers’ DigitalOcean accounts were “not accessed,” and passwords and account tokens were “not involved” in this breach.
“To be extra careful, we have implemented additional security monitoring on your account. We are expanding our security measures to reduce the likelihood of this kind of flaw occuring [sic] in the future,” the email said.
DigitalOcean said it fixed the flaw and notified data protection authorities, but it’s not clear what the apparent flaw was that put customer billing information at risk.
In a statement, DigitalOcean’s security chief Tyler Healy said 1% of billing profiles were affected by the breach, but declined to address our specific questions, including how the vulnerability was discovered and which authorities have been informed.
Companies with customers in Europe are subject to GDPR, and can face fines of up to 4% of their global annual revenue.
https://telegra.ph/DigitalOcean-says-customer-billing-data-exposed-by-a-security-flaw--TechCrunch---IATA-News-04-28
via www.iatanews.com
#digitalocean #breach #leak #customer #data
Facebook hides posts calling for PM Modi’s resignation in India
Facebook has hidden all posts with the hashtag “Resign Modi” in India, a few days after the US social juggernaut, along with Twitter, responded to orders from New Delhi and censored some posts critical of the Indian government’s handling of the coronavirus pandemic.
Facebook says it hides posts with the “Resign Modi” hashtag on its website because some posts violate community standards. (Searching for “Resign Modi” will return some results to US users.) At this time, it’s unclear whether Facebook was ordered to make this call or did it voluntarily.
Tweets with “#ResignModi” were visible in India at the time of publication. With more than 450 million WhatsApp users and nearly 400 million Facebook users, India is the company’s largest market by number of users.
Recently, in South Asian countries, many citizens have begun to complain to the government on social channels as they struggle to find empty beds, oxygen supplies and medicines in hospitals.
http://telegra.ph/Facebook-hides-posts-calling-for-PM-Modis-resignation-in-India--TechCrunch---California-News-Times-04-28
via californianewstimes.com
💡 read this as well:
https://t.me/BlackBox_Archiv/2080
#facebook #DeleteFacebook #ResignModi #modi #india #covid #corona
Data security is cool again - Data security might have new life!
LET’S BE FRANK
Given the buzz around Snowflake and Databricks, data is becoming a hot topic again. With this comes concern around the security and privacy of that data. I’ve been seeing more content being written about this space, but in my opinion, the content has been disappointing because it doesn’t contain the proper context. I don’t blame them though because data security has had a long and complicated history, and I’ve had the “privilege” of seeing various versions of it play out in the last 10+ years.
A couple of threads/articles that have hit my radar are Will Lin’s VC view on Security Week and Renee Shah’s Twitter thread. Both are definitely worth a read, but I wanted to give everyone my take, which will fill in some missing pieces.
If you don’t want to read the articles, here are the tl;drs. Will’s article proposes a data security firewall to merge visibility and control (side comment: are firewalls still cool?). Renee’s Twitter thread discusses the need for 3-5 solutions for different parts of data security, which seems like where the space is heading, but more on that later.
Let’s start with an extremely brief history of data security. First, the biggest part of data security in the past has been data loss prevention (DLP). Symantec and Varonis are two of the major players. These products have been the bane of a CISO’s existence because they are extremely difficult to deploy and use. That’s how DLP became a dirty acronym and has made data security a dirty term. Second, CISOs have been forced to use these tools because of compliance, making data security primarily a compliance issue. This dynamic has made go-to-market extremely complicated. Finally, VCs have shied away from this space because there have been only bad exits. If you know of any good data security exit in the last 10 years, please let me know. I have still yet to come up with one.
https://franklyspeaking.substack.com/p/franklyspeaking-042721
#franklyspeaking #data #security
91: webjedi
Darknet Diaries - EP 91: WEBJEDI
What happens when an unauthorized intruder gets into the network of a major bank? Amélie Koran, aka webjedi, was there for one of these intrusions and tells us the story of what happened.
You can find more talks from Amélie at her website webjedi.net.
https://darknetdiaries.com/episode/91/
👉🏼 https://webjedi.net/
#truecrime #darknetdiaries #podcast
A forked version of dnscrypt-proxy for μODNS
This repo is a forked version of dnscrypt-proxy. From the original version, this has been modified to employ a PoC implementation of μODNS that is a multiple-relay-based anonymization protocol for DNS queries.
μODNS has been designed to protect user privacy in DNS even if a relay(s) collude with a resolver(s), which cannot be solved in existing DNS anonymization protocols. For the detailed information of μODNS, please refer to our concept paper below:
https://github.com/junkurihara/dnscrypt-proxy-modns
#dnscrypt #proxy #modns #μODNS
secml-malware: A Python Library for Adversarial Robustness Evaluation of Windows Malware Classifiers
Machine learning has been increasingly used as a first line of defense for Windows malware detection. Recent work has however shown that learning-based malware detectors can be evaded by well-crafted, adversarial manipulations of input malware, highlighting the need for tools that can ease and automate the adversarial robustness evaluation of such detectors. To this end, we present secml-malware, the first Python library for computing adversarial attacks on Windows malware detectors.
https://arxiv.org/pdf/2104.12848.pdf
https://github.com/zangobot/secml_malware
#secml #malware #windows #attacks
⚠️ Important message from BlackBox (Security) Archiv ⚠️
‼️ Any post in this channel is for educational purposes only.
Any actions and / or activities related to the material contained in this channel are solely your responsibility. Use of the information in this channel may result in criminal charges against the individuals involved.
The authors and BlackBox (Security) Archiv shall not be liable in the event that criminal charges are brought against individuals who misuse the information in this Telegram channel to violate applicable law.
⚠️ Always remember to use these techniques, instructions, or hardware only on devices whose owners or users have allowed it. Unauthorized access to other people's infrastructure is punishable by law.
#educational
Forwarded from BlackBox (Security) Archiv
Silk-Road - Casefile True Crime (part 1 - 3)
Pennsylvania State University student Ross Ulbricht had been fascinated with mathematics and science from a young age. During his college years, he developed a new fascination with libertarianism, a political philosophy that values individual freedom above all else. For Ross, this became more than an interest – it became a way of life.
Combining his libertarian beliefs with his interest in computers, Ross came up with the idea to create a free-trade, untraceable online market that operated outside of government regulations. His vision soon became a reality, and The Silk Road was born.
👉🏼 🎧 Silk Road Part 1
https://t.me/BlackBox_Archiv/212
👉🏼 🎧 Silk Road Part 2
https://t.me/BlackBox_Archiv/213
👉🏼 🎧 Silk Road Part 3
https://t.me/BlackBox_Archiv/214
Nob and the Dread Pirate Roberts started to communicate regularly. The Dread Pirate Roberts had no idea he was really speaking to a DEA agent. And the DEA agent had no idea about the true identity of the Dread Pirate Roberts.
#SilkRoad #darknet #podcast
Lawmakers introduce legislation to create civilian reserve program to fight hackers
A bipartisan group of lawmakers in the House and Senate on Wednesday rolled out legislation that would create a National Guard-style program to help defend critical systems against increasing threats from nation states and criminals.
The Civilian Cyber Security Reserve Act would establish a civilian reserve program to provide cybersecurity training for individuals who have previously worked for either the U.S. federal government or armed services. They would then be available as resources for the Departments of Defense and Homeland Security to boost federal cybersecurity protections.
The bill has bipartisan support, and is sponsored by Sens. Jacky Rosen (D-Nev.) and Marsha Blackburn (R-Tenn.) in the Senate, alongside Reps. Jimmy Panetta (D-Calif.) and Ken Calvert (R-Calif.) in the House.
It was introduced as both the Biden administration and Congress have been forced to concentrate on enhancing the cybersecurity of critical systems in the wake of multiple major hacking incidents.
The SolarWinds hack, discovered in December, involved Russian hackers compromising nine federal agencies, while new vulnerabilities in Microsoft’s Exchange Server announced in March allowed Chinese hackers to potentially breach thousands of organizations.
Cyber criminals have also stepped up attacks on vulnerable groups during the pandemic, with state and local governments, hospitals and schools increasingly hit by debilitating ransomware attacks over the past year.
Rosen pointed to the escalating cyberattacks Wednesday, saying they “demonstrate the risks of not addressing our severe cyber workforce shortage.”
https://thehill.com/policy/cybersecurity/550802-lawmakers-introduce-legislation-to-create-civilian-reserve-program-to
#cyberattacks #cybersecurity #usa #civilian #reserve #program #SolarWinds
0Click security vulnerabilities discovered affecting Tesla Model S/3/X/Y
Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component (ConnMan) used in Tesla automobiles that allowed them to compromise parked cars and control their infotainment systems over WiFi. It would be possible for an attacker to unlock the doors and trunk, change seat positions, both steering and acceleration modes - in short, pretty much what a driver pressing various buttons on the console can do. This attack does not yield drive control of the car though. Named “TBONE”, these exploits were originally written for the PWN2OWN 2020 contest, which was cancelled due to COVID-19. They later disclosed these vulnerabilities to Tesla, who patched them in update 2020.44 in late October 2020.
The affected components were also widely used in the infotainment systems of other car manufacturers. Eventually the German CERT was engaged and the wider automotive industry was informed of the vulnerability in January 2021. Patches have been checked into the Git repository and a new version of ConnMan (v1.39) has been released since February 2021. The researchers therefore decided to demonstrate these vulnerabilities to the cybersecurity community at large.
https://kunnamon.io/tbone/
#tesla #security #vulnerabilities #TBONE
Exclusive: Government, industry push bitcoin regulation to fight ransomware scourge
SAN FRANCISCO (Reuters) - Government and industry officials confronting an epidemic of ransomware, where hackers freeze the computers of a target and demand a payoff, are zeroing in on cryptocurrency regulation as the key to combating the scourge, sources familiar with the work of a public-private task force said.
In a report on Thursday, the panel of experts is expected to call for far more aggressive tracking of bitcoin and other cryptocurrencies. While those have won greater acceptance among investors over the past year, they remain the lifeblood of ransomware operators and other criminals who face little risk of prosecution in much of the world.
Ransomware gangs collected almost $350 million last year, up threefold from 2019, two members of the task force wrote this week. Companies, government agencies, hospitals and school systems are among the victims of ransomware groups, some of which U.S. officials say have friendly relations with nation-states including North Korea and Russia.
“There’s a lot more that can be done to constrain the abuse of these pretty amazing technologies,” said Philip Reiner, chief executive of the Institute for Security and Technology, who led the Ransomware Task Force. He declined to comment on the report before its release.
Just a week ago, the U.S. Department of Justice established a government group on ransomware. Central bank regulators and financial crime investigators worldwide are also debating if and how cryptocurrencies should be regulated.
The new rules proposed by the public-private panel, some of which would need Congressional action, are mostly aimed at piercing the anonymity of cryptocurrency transactions, the sources said. If implemented, they could temper enthusiasm among those who see the cryptocurrencies as a refuge from national monetary policies and government oversight of individuals’ financial activities, having surged past $1 trillion in total capitalization.
https://www.reuters.com/article/us-bitcoin-regulation-ransomware-exclusi-idUSKBN2CF2UM
#usa #bitcoin #regulation #hacker #ransomware #epidemic
Experiencing the /e/ OS: The Open Source De-Googled Android Version (updated April 29, 2021)
The /e/ Android operating system is a privacy-oriented, Google-free mobile operating system. It is a fork of Lineage OS and was founded in mid-2018 by Gaël Duval, creator of Mandrake Linux (now Mandriva Linux).
Despite making Android an open source project in 2007, Google replaced some OS elements with proprietary software when Android gained popularity. /e/ Foundation has replaced the proprietary apps and services with MicroG, an open source alternative framework which minimizes tracking and device activity.
https://itsfoss.com/e-os-review/
#foss #eOS #opensource #degoogled #android #microg
RTF Report: Combatting Ransomware
A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force
Ransomware is no longer just a financial crime; it is an urgent national security risk that threatens schools, hospitals, businesses, and governments across the globe.
https://securityandtechnology.org/ransomwaretaskforce/report/
https://securityandtechnology.org/wp-content/uploads/2021/04/IST-Ransomware-Task-Force_Final_Report.pdf
#ransomware #rtf #report #pdf
Jamulus - Play music online. With friends. For free.
What is Jamulus?
Jamulus is software for playing music, rehearsing, or just jamming with anyone online with low latency. You can use your Windows, macOS or Linux machine to connect to Jamulus servers worldwide. Jamulus is free and you can just use your normal broadband connection. Simply connect to a public server or host your own private one. Jamulus has been in development since 2006 and is designed for high quality, low-latency sound, making it easy to play together remotely and in time.
https://jamulus.io/
https://github.com/jamulussoftware/jamulus
💡 For detailed information about how Jamulus hacks the space-time continuum to produce a near-perfect 5th dimension of collaborative sound, see this paper by Volker Fischer (PDF).
#jamulus #software #music #online #jamming #opensource
The Rise of Big Data Psychiatry
The information captured by our smartphones, as well as new speech- and facial-recognition technologies, can yield invaluable insights for mental health professionals.
As a physician, I need to figure out three things when a new patient walks into my office: what their life is typically like, what has changed that made them seek treatment and what I can do to help them. It’s a complex problem, and most fields of medicine approach it by taking measurements. If I were a cardiologist evaluating a patient’s chest pain, for instance, I would speak with the patient, but then I would listen to their heart and measure their pulse and blood pressure. I might order an electrocardiogram or a cardiac stress test, tools that weren’t available a century ago.
Because I’m a psychiatrist, however, I evaluate patients in precisely the same way that my predecessors did in 1920: I ask them to tell me what’s wrong, and while they’re talking I carefully observe their speech and behavior. But psychiatry has remained largely immune to measurement. At no point in the examination do I gather numerical data about the patient’s life or behavior, even though tools for taking such measurements already exist. In fact, you likely are carrying one around in your pocket right now.
In the last decade, an entire industry has been built to predict a person’s behavior based on their smartphone use and online activity. Because our search and social media history is digitized and time stamped, it represents a permanent breadcrumb trail of our thoughts and emotions. Tech companies and governments already use these data to monitor and commodify our likes and dislikes; soon psychiatrists might be able to use them to measure and evaluate our mental state.
Our smartphones measure our movements with accelerometers, our location with GPS and our social engagement with the number of calls and texts we send. These data have extraordinary potential for psychiatric diagnosis and treatment. Studies have shown that the words we use to express ourselves on Facebook and Twitter can predict the emergence of conditions like postpartum depression and psychosis. A person’s recent Google search history, it turns out, is a better predictor of suicide than their clinician’s most recent notes.
https://telegra.ph/The-Rise-of-Big-Data-Psychiatry-04-29
via www.wsj.com
#smartphones #BigData #psychiatry #thinkabout
The IRS Wants Help Hacking Cryptocurrency Hardware Wallets
As more investors and criminals move to hardware wallets to secure their funds, the IRS is looking for new methods to access those wallets in criminal investigations.
The IRS is looking for help to break into cryptocurrency hardware wallets, according to a document posted on the agency website in March of this year.
Many cryptocurrency investors store their cryptographic keys, which confer ownership of their funds, with the exchange they use to transact or on a personal device. Some folks, however, want a little more security and use hardware wallets—small physical drives which store a user's keys securely, unconnected to the internet. The law enforcement arm of the tax agency, IRS Criminal Investigation, and more specifically its Digital Forensic Unit, is now asking contractors to come up with solutions to hack into cryptowallets that could be of interest in investigations, the document states.
"The decentralization and anonymity provided by cryptocurrencies has fostered an environment for the storage and exchange of something of value, outside of the traditional purview of law enforcement and regulatory organizations," the document reads. "There is a portion of this cryptographic puzzle that continues to elude organizations—millions, perhaps even billions of dollars, exist within cryptowallets."
The security of hardware wallets presents a problem for investigators. The document states that agencies may be in possession of a hardware wallet as part of a case, but may not be able to access it if the suspect does not comply. This means that authorities cannot effectively "investigate the movement of currencies" and it may "prevent the forfeiture and recovery" of the funds.
http://telegra.ph/The-IRS-Wants-Help-Hacking-Cryptocurrency-Hardware-Wallets-04-29
via www.vice.com
#irs #hacking #cryptowallets #pdf
U.S. government probes VPN hack within federal agencies, races to find clues
For at least the third time since the beginning of this year, the U.S. government is investigating a hack against federal agencies that began during the Trump administration but was only recently discovered, according to senior U.S. officials and private sector cyber defenders.
It is the latest so-called supply chain cyberattack, highlighting how sophisticated, often government-backed groups are targeting vulnerable software built by third parties as a stepping-stone to sensitive government and corporate computer networks.
The new government breaches involve a popular virtual private network (VPN) known as Pulse Connect Secure, which hackers were able to break into as customers used it.
More than a dozen federal agencies run Pulse Secure on their networks, according to public contract records. An emergency cybersecurity directive last week demanded that agencies scan their systems for related compromises and report back.
The results, collected on Friday and analyzed this week, show evidence of potential breaches in at least five federal civilian agencies, said Matt Hartman, a senior official with the U.S. Cybersecurity Infrastructure Security Agency.
https://www.reuters.com/technology/us-government-probes-vpn-hack-within-federal-agencies-races-find-clues-2021-04-29/
#usa #government #vpn #hack #federal #agencies
Africa's Expansion of AI Surveillance - Regional Gaps and Key Trends
Many African states are deploying Artificial Intelligence (AI) surveillance technologies to monitor citizens for various purposes, but seldom in ways that are rights-respecting and particularly privacy-respecting. Today’s AI surveillance technologies are capable of analysing big data, monitoring and tracking by classifying people’s movements into astonishingly precise categories.
These AI-powered tools provide governments and companies with the capability to gather and freely access personal data, which may cause serious harms. As AI increasingly moves towards becoming a general-purpose technology, Africa needs to develop governance frameworks that enable the delivery of public services and public goods while preventing harms and mitigating risks. For instance, in the wake of the COVID-19 pandemic AI powered by data science and machine learning is being applied in many areas, including in drug discovery as well as in public health management and public policy to model and predict outbreaks and COVID spread and help with contact tracing.
As AI is increasingly being used to tackle national and global problems like the COVID-19 pandemic, governments are increasingly adopting measures that can lead to violations of human rights. This raises the challenge of preserving and upholding both individual and collective rights. Research ICT Africa is carrying out a mapping exercise, gathering empirical data on computer vision and surveillance across 14 countries in Africa. In so doing, our purpose is to facilitate evidence-based and informed policymaking in the context of emerging surveillance systems that are changing the ability of states and corporations to monitor citizens. The study has preliminarily identified a range of deployments, from facial recognition systems, safe city projects and cloud computing infrastructures, to smart policing initiatives that are meant to achieve various goals.
https://www.africaportal.org/publications/africas-expansion-ai-surveillance-regional-gaps-and-key-trends/
#africa #ai #surveillance
How much are you worth on the dark web? (Credit card, PayPal, SSN)
Comparitech researchers analyzed 40+ dark web marketplaces to find out how much your credit card, Paypal, and SSN are worth to cybercriminals.
After a data breach or successful phishing campaign, much of the stolen personal information is sold on black markets. Many such marketplaces reside on the dark web. But how does the sale of stolen information work, exactly, and how much money are criminals making from stolen data?
Comparitech researchers analyzed the prices of stolen credit cards, hacked PayPal accounts, and private Social Security numbers on more than 40 different dark web marketplaces. We looked at prices based on account balance, credit limit, country, and what information is included with a given listing.
You might be surprised to find out how little—or how much—your data is worth depending on a few key factors.
💡 Key findings:
👉🏼 Americans have the cheapest fullz (full credentials), averaging $8 per record. Japan and the UAE have the most expensive identities at an average of $25.
👉🏼 Prices for stolen credit cards range widely from $0.11 to $986.
👉🏼 Hacked PayPal accounts range from $5 to $1,767.
👉🏼 The US and UK accounted for the highest percentage of stolen credit cards, which was reflected in lower average prices of $1.50 and $2.50 respectively.
👉🏼 The median credit limit on a stolen credit card is 24 times the price of the card.
👉🏼 The median account balance of a hacked PayPal account is 32 times the price on the dark web.
https://www.comparitech.com/blog/vpn-privacy/dark-web-prices/
#darknet #market #prices #cc #paypal #ssn