Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.
Criminals ripping off other crooks is a constant theme in the cybercrime underworld; Accountz Club’s slogan — “the best autoshop for your favorite shops’ accounts” — just normalizes this activity by offering logins stolen from users of various cybercrime shops for sale at a fraction of their account balances.
The site says it sells “cracked” accounts, or those that used passwords which could be easily guessed or enumerated by automated tools. All of the credentials being sold by Accountz provide access to services that in turn sell access to stolen information or hijacked property, as in the case of “bot shops” that resell access to infected computers.
One example is Genesis Market, where customers can search for stolen credentials and authentication cookies from a broad range of popular online destinations. Genesis even offers a custom-made web browser where you can load authentication cookies from botted PCs and waltz right into the account without having to enter a username or password or mess with multi-factor authentication.
Accountz is currently selling four different Genesis logins for about 40-50 percent of their unspent balances. Genesis mostly gets its inventory of botted computers and stolen logins from resellers who specialize in deploying infostealer malware via email and booby-trapped websites. Likewise, it appears Accountz also derives much of its stock from a handful of resellers, who presumably are the same ones doing the cybercrime service account cracking.
In essence, Accountz customers are paying for illicit access to cybercrime services that sell access to compromised resources that can be abused for cybercrime. That’s seriously meta.
Accountz says its inventory is low right now but that it expects to offer a great deal more stock in the coming days. I don’t doubt that’s true, and it’s somewhat remarkable that services like this aren’t more common: From reporting my “Breadcrumbs” series on prominent cybercrime actors, it’s clear that a great many cybercriminals will use the same username and password across multiple services online.
What’s more, relatively few cybercrime shops online offer their users any sort of multi-factor authentication. That’s probably because so few customers supply their real contact information when they sign up. As a result, it is often far easier for customers to simply create a new account than it is to regain control over a hacked one, or to change a forgotten password. On top of that, most shops have only rudimentary tools for blocking automated login attempts and password cracking activity.
It will be interesting to see whether any of the cybercrime shops most heavily represented in the logins for sale at Accountz start to push back. After all, draining customer account balances and locking out users is likely to increase customer support costs for these shops, lower customer satisfaction, and perhaps even damage their reputations on the crime forums where they peddle their wares.
Oh, the horror.
I also appreciate that Krebs is still true to his journalist roots and his headlines tell the entire story. Every other publication would be “Crime Shops Logins Hacked and Then This Happened.”
yes!
alas, today, those who compose and post headlines tend not to be the actual *writers* / researchers….
Right!? “Nine things you need to know about crime shops in 2022, (4 are paid ads for services)”
This Brian Krebson guy doesn’t know how to write “cybersecurity articles” in 9 mins.
Too perfect, and sadly true.
“You wouldn’t believe what this cybercrime shop does!”
Literally, LOL!
Thanks for that!
So are these the “Robin Hoods” of cybercrime?
That’s not how I read it (could be wrong). To me, this is “why pay that guy a premium to get access to a ton of hacked accounts? Pay me and you can _be_ “that guy” instead.”
They are Robin Hoods, stealing and selling RobinHood’s weapons to other RobinHoods
Notice them foreigners don’t price things like us – “Bronze level: $30” – not $29.99!?
The “$29.99” stuff is just a marketing ploy; people see it and think “Oh, it’s only about $20”… The same thing applies to amounts like xx.95 as well; it’s just psychology at work.
It’s a scam, it happened to ME. They robbed me. Don’t trust them; only you yourself can create it and do it.
Just goes to show that “No honor among thieves” is still as relevant today as it has been throughout history.
Making someone else’s life miserable for their selfish gain!
In Hebrew we have a saying that roughly translates to “he who steals from a thief, is exempt” so basically you have a green light of making y’all miserable.
All steal and none are exempt depending on POV. He who steals for himself is not exempt from anything.
Double check that translation from the original clay. No one is exempt without hall pass!
Not all accounts are hacked, I know one seller, he’s selling his personal accounts. He’s been doing so on the forums and his telegram channel as well.
Why would he do that? Sorry if I’m ignorant.
Looking forward to hearing of their abuse in prison like the REvil kids have been getting.
“Oh, the horror.” — Love it!!!
Good article! I guess unique random passwords are too time consuming for some criminals!
This is slightly related, but I don’t understand how so many of these auto delivery crime shops can operate in the open. The ones mentioned in the article require an invite/account of course but less “professional ones” openly sell hacked spotify, netflix, and game accounts. Many of them like sellix.io, selly.gg/io, rocketr.net, etc support paypal, stripe, and card payments.
Most tech companies need to focus on these problems. They need to find better solutions for passwords.
For example, for me, I preferred to use fingerprint to log in, and other people use number fun confirmation and device deactivation.