The Dark Web Price Index is a study published by Privacy Affairs that looked at the prices of various fraud related prodcuts on the darknet and determined the average prices.
While Privacy Affairs emphasizes that “this piece was created as research, not to help you become a criminal”, it provides a good guideline on what prices to expect for various darknet purchases such as credit cards, Paypal account information, hacked Google accounts and even prices for DDOS attacks.
According to the report, credit card are the cheapest financial assets; credit card data can be purchased starting at $15 for simple cloned Mastercards witth pin. For stolen online banking logins with a confirmed of $2000, you can expect to pay about $65.
Paypal account information on the other hand is more expensive, starting at around $200 for a stolen Paypal account upto $350 with accounts that have a confirmed balance of over $1000. Stolen Western Union transfers with $1000 or more can be purchased starting at around $100.
More interesting is the forged documents category which shows that the price depends not only on the quality of the forgery but also the type of document. For a US driver license in average quality a median price of $70 was determined. For high quality expect prices over $500.
For a EU passport on the other hand you can expect to pay at least $1500 – as these have to be high quality to not instantly be detacted as forgery. National EU ID cards are also rather price with an average price of $550.
The report also found that counterfeit banknotes are an extremely common product, mainly in 20 or 50 denominations. The study came found USD, EUR, GBP, CAD, AUD most often. Some come with a UV pen test guarantee. The “quality” ones tend to cost around 30% of the banknote value.
There is also a detailed table for various social media related purchaes from “1000x Twitter retweets” ($25) up to a full hacked GMail account (~$150).
Finally there is a malware section which lists the prices of various common exploits ranging from as low as $100 upto $6000 or more for premium, possibly zero-day quality malware.
For DDOS attacks, as you would expect, it simply depends on the volume. To take down a small private website, something like $10 may even be enough. But for a successful ddos against protected websites, expect to pay $200 or more for a downtime of 24 hours.
While the report suddenly should be taken with a grain of salt, it is nonetheless a useful rough guide as to what prices to expect. It also gives you a better position to negotiate with vendors about prices. So next time you feel you might be paying too much, check the report to find out what the average price for the product is roughly at.