Hacking services, botnet rental, DDoS attacks, banking data information, as well as the sale of exploits, servers, and other private information, are some of the products and services offered by cybercriminals on the dark web.

Today, cybercriminal structures are increasing and the cybercrime industry is one of the fastest-growing. With this in mind, we have prepared this article relating the prices and products on the dark web with updated information and new services, such as hacking services, botnet, and servers rental or sale of exploits, to explain how the cybercrime business works and what they are.

A cybercriminal group is made of people, each with different roles and tasks. There are malware developers, who are in charge of programming malicious code, packaging it, and applying different techniques to evade antivirus detection. There are also spammers, who take care of the distribution chain, either by sending emails, generating download links, false advertisements, etc. Then there is the infrastructure team, those who provide support so that the servers and networks used by the group remain anonymous and operational. On the other hand, a financial team is necessary to collect the money for the services and products offered. Within this last group are those who deal with cryptocurrency laundering, a service that is also offered on the dark web, as well as recruiting mules.

The group of mules is the last link and often the most important since it allows the money collected to finally reach the criminals. According to an FBI investigation, in many cases, mules are recruited through false ads with promises of online work, positions as payment and transfer agents, ads that promise to make money browsing the Internet, or any other advertisement that involves moving money and earning a commission. In this regard, it is extremely important to be vigilant and not believe these false advertisements or accept money transfers from unknown people.


In sites like Rent-A-Hacker or Cyb3rCha0s you can hire all kinds of services. Attackers promote themselves by highlighting their technical skills and knowledge of different programming languages. They claim to have access to zero-day exploits and all kinds of gadgets to commit a computer attack.

Illegal access to websites or an organization costs between $500 and $3,500, depending on the architecture of the site and the organization. However, if this system is a university or educational establishment, cybercriminals offer to change a student's grades for between $1,200 and $3,750. Access to a mobile phone is a bit cheaper and is around $600, while access to email and social media costs up to $800.

Beyond these defined services, most attackers offer personalized jobs, the value of which will depend on the complexity, but they do not go below $250 per hour. If the problem to be solved is urgent, they do offer a service that guarantees a response in 30 minutes, for an additional $200.




In The Deep Market you can see offers of denial of service attacks carried out by large distributed botnets. For example, the vendor "DDoS Master" offers to take down a website from $89 for 2 days. Also, on the site you can see comments and the reputation of this seller, although considering that it is an illegal business, this reputation can be dubious.


Similar offers can be found on the BlackMarket site. Or it is possible to find advertisements of hackers offering their services for the implementation of DDoS attacks or more specific hacking service offers.



There are also databases on the market with all kinds of exploits. One of them is Inj3ct0r, which offers a collection of thousands of exploits for known vulnerabilities. Many of them can be downloaded for free, but they are probably for already fixed vulnerabilities, although there are also some more critical ones between 0.1 and 0.5 Bitcoins.


However, if you are looking for the coveted exploits for zero-day vulnerabilities, you will need to deposit $1,000 to enter this restricted area. While this money remains as credit, the truth is that many of the exploits in this section are probably even more expensive.



In addition to malicious code, exploits, and all kinds of services to carry out computer attacks, cybercriminals also sell compromised servers and information from users they have managed to steal. The UAS RDP Shop portal offers servers from any country in the world, which the buyer can access and control remotely. These servers are mainly sold to be used to carry out attacks, temporarily store illegal information, or simply to carry out activities without leaving a trace.

The prices are around $10 to $12 per server, although they can be worth $15 when the equipment has more resources and a more updated operating system. Most of the compromised computers have Windows Server 2008 and Windows 7, two almost obsolete operating systems with known security flaws.


Information on individuals is also sold on this same site. A new identity that includes email, password, address, identity document, and even social security or registration numbers can be purchased for between $2 and $5.

However, this is not the only personal information that is traded. Amazon, Paypal, and other online payment services are also sold for an approximate value of 10% of the available balance in the account.


On another site, C2Bit trades debit and credit cards obtained through scams technics such as Phishing. In this case, the value ranges from $15 to $40 depending on the country of issuance, the type of card, and the balance available for use.



Every dirty business must be laundered so that cybercriminals can use that money in their daily expenses. In this regard, Bitcoin laundry services, also called Bitcoin Mixers, are becoming more and more popular. The mechanism is very simple, given that the blockchain that stores bitcoin transactions is public and traceable, laundries offer to carry out numerous small transactions between "dirty" money and "clean" money from their reserves. In this way, the traceability and continuity of transactions are lost, achieving greater privacy and making it difficult to track money.

In services such as SmartMix, the user pays 0.5% of the amount to be laundered, plus a small extra for each destination address where the clean money will be deposited. They even offer a transaction delay service by adding more confirmations. In this way, the longer the delay, the more difficult it is to trace the transaction.



Cybercrime is today a million-dollar industry in expansion and it is something that both companies and end-users must take into account. Today the information of any individual has value and is traded on the black market, as well as that of large companies.

On the other hand, it is no longer necessary to have the technical knowledge or be a computer specialist to carry out attacks and compromise the security of an organization. For example, a disgruntled employee can, within hours, gain access to the services of cybercriminals and infect the network with malicious code or denial of service attacks.

Knowing the cybercrime industry and the way these criminal groups are managed allows us to be more aware of malicious actions and thus improve protection tools. Today anyone can be the victim of a computer attack or a malware infection, so having basic security measures such as antivirus, double factor authentication, and updated devices is essential.