Hacked Twitter accounts a delicacy among cybercriminals

News that cybercriminals are seeking out user names and passwords for resale is nothing new — but according to researchers at the anti-virus company Kaspersky Lab (via Computerworld), stolen Twitter accounts are fetching a higher price than other credentials among criminals. One Twitter account with only 320 followers recently sold for $1,000.

Hackers have relied on malware for some time to gather credit card numbers, bank log-ins, and whatever else they could find from unsuspecting computer users. Since 2005, they’ve been developing a new breed of malware to streamline the hunt for bank credentials, but generic data-stealing software that aims to grab as much data as possible remains the most rampant on the web.

Speaking at a press event, Kaspersky researcher Dmitry Bestuzhev said that many cybercriminals are aiming for more than just credit card numbers and bank log-ins these days. He has also seen Gmail accounts being sold for around $80 on Russian hacker forums, as well as Rapidshare accounts (for $5 a month), instant messaging, and Facebook credentials.

Twitter accounts are popular because they give the hackers a platform to spread their trojans to hundreds or thousands of users at once. Pricing on the Twitter accounts depends on follower numbers and the name of the account. The account that sold for $1,000 had a simple three-letter username, possibly making it more useful to criminals.

Bestuzhev has seen MSN accounts going for $1.40, and went on to say that the price for Twitter accounts is “really high.” He also mentioned that the high prices are probably justified because hackers can get up to $1,000 worth of data from a single hacked computer.

A 2008 report found that cybercriminal organizations were maturing into “mafia-like” outfits, and were becoming increasingly efficient at data theft due to their new-found structure. Competition between criminal groups has dropped the prices of previously valuable intel — credit card numbers and bank log-ins used to sell for $100 or more, but at the time of the report they were selling for $10-$20 in some cases. I’d wager that prices have fallen even more by today.

It’s no big surprise that Twitter accounts are being valued so highly. Twitter is a form of communication that lies between e-mail and instant messaging, both of which have been heavily utilized to spread malware. Twitter users are trained to click on links from the people they follow, and they probably don’t apply the same amount of caution as they would to a suspicious link in an e-mail or IM. The new trend of shortened links — which disguise the true destination of URLs — must certainly be appealing to cybercriminals as well.

Hopefully, as Twitter users learn to become more aware of malware threats, the value of their accounts among criminal organizations will drop.