How much do criminals pay for certificates on the dark web?

The Cyber Security Research Institute (CSRI) conducted a six-month investigation into the sale of digital code signing certificates on the dark web.

The research uncovered code signing certificates readily available for purchase on the dark web, selling for up to $1,200 – making them more expensive than counterfeit U.S. passports, stolen credit cards and even handguns.

“We’ve known for a number of years that cyber criminals actively seek code signing certificates to distribute malware through computers,” said Peter Warren, chairman of the CSRI. “The proof that there is now a significant criminal market for certificates throws our whole authentication system for the Internet into doubt and points to an urgent need for the deployment of technology systems to counter the misuse of digital certificates.”

Code signing certificates are used to verify the authenticity and integrity of computer applications and software and make up a vital element of Internet and enterprise security. However, cybercriminals can take advantage of compromised code signing certificates to install malware on enterprise networks and consumer devices.

“With stolen code signing certificates, it’s nearly impossible for organizations to detect malicious software. Any cyber criminal can use them to make malware, ransomware, and even kinetic attacks trusted and effective. In addition, code signing certificates can be sold many times over before their value begins to diminish, making them huge money makers for hackers and dark web merchants. All of this is fuelling the demand for stolen code signing certificates,” said Kevin Bocek, chief security strategist for Venafi.

Warren added: “Although our research uncovered a thriving trade in code signing certificates, we were only able to scratch the surface of this market. In an ironic twist, our researchers were often limited from delving further as dark web traders didn’t trust them. We suspect that TLS, VPN, and SSH key and certificate trading is also rife, alongside the trade in code signing certificates we uncovered.”