The darknet has become a digital marketplace where much of the stolen data we hear about ends up. In a recent expose, the data from the online accounts of 617 million individuals were found up for sale on the darknet.
There are many reasons for buying someone else’s data, including to commit ID theft, financial fraud, and even for some, the odd bit of blackmail. A quick look at the state of data breaches is unnerving reading for anyone who has an online account. And we have a lot of online accounts.
In this blog post, we will look at how our personal data ends up in the hands of the bad guys via the darknet.
Curious to learn more about the darknet? Check out our previous blog articles on the subject:
Here are some interesting facts to give you a feel for the levels of personal data we (and the cybercriminal elements amongst us) are dealing with:
According to The Radicati Group, there will be around 3.9 billion email users in the world by the end of 2019. Each has, on average, 1.7 email accounts each - although some figures put this as high as 2.5 email accounts each.
In the USA, the average user has 130 online accounts associated with each email address.
According to Gemalto, there have been 14.7 billion data records lost or stolen since 2013 - with only 4% of them protected using encryption.
In the USA, according to Javelin Research, there were 14.4 million victims of identity theft during 2018. The previous year saw 16.7 million people have their identity stolen and used for fraudulent purposes.
Much of these data end up exchanging hands. Data is a valuable commodity and can be used, sold, resold, ad infinitum; stolen data is like the gift that keeps on giving.
The darknet plays host to a number of areas (sites) that are used by cybercriminals to exchange goods and services. In our previous article, which looked at Darknet Intelligence, where we showed examples of the types of nefarious items available to buy on darknet sites. These sites are often in the form of eBay-like marketplaces or simple hacker forums.
In an exposé article by cyber-intelligence firm DarkOwl, they explain how a hacker group (or possibly an individual) known as “TheDarkOverlord” operates. The post shows the sites that the hacker uses to sell on any stolen data. One such tranche of data up for sale was the health data of 67,000 patients from across several U.S. states.
Screenshot of TheDarkOverlord posting about medical records on Kickass Forum (Source)
This type of data exchange is one raison d'être of the darknet. Data has intrinsic value and prices paid vary. Credit file agency, Experian, has looked at the prices of stolen data that the darknet fetches. In 2017, they found that, on average, a social security number would go for $1 whereas a passport could go for as much as $2,000.
A $1 price tag may not sound like much for a social security number, but when the haul is 143 million from the Equifax breach alone, then every dollar adds up.
It is worth looking at the mechanisms of how data ends up on the darknet in the first place. If we understand the ‘route to market’, we can put structures in place to stop the flow.
Here are some of the cybercriminals’ favorite methods used to steal or expose personal data that is then sold via darknet sites.
There is not one single way that a digital identity is stolen.
Identity, in the sense of an online way of identifying an individual, is typically made up from ‘attributes’. These attributes are snippets of information, such as your name, address, date of birth, social security number, and so on.
In some identity systems, some of these attributes may also be additionally ‘verified’. This is checked with a third party, e.g. a credit file agency, to see if they are true. In this respect, they can be very valuable commodities for a hacker to get hold of.
The theft of these attributes can occur in a number of ways:
Details from these stolen accounts and data are then placed on the darknet for sale.
Once the hackers have enough of your personal details, they can aggregate them to then create fraudulent accounts in your name. These accounts can include loans applications, bank accounts, and new passports.
Malicious insiders are being recruited as darknet operatives. There are myriad reports that show evidence of darknet recruitment drives looking for insider help. For example, a number of reports found job ads for bank employees with weekly salaries for illegally accessing bank accounts and carrying out bank transfers.
Remember that anything that can help get data onto the darknet will be attempted.
ATM skimming is a popular way to steal financial card data. The ATM scanners are replaced by hacking equipment that itself is available for purchase on the darknet. If an ATM has a skimmer attached, it will read all the data from your card and a secretly-placed camera will also steal your PIN when you type it in.
This data then ends up on being sold on the darknet. This scenario was described by Pakistan’s Deputy Director Cybercrime, Muhammad Ahmad Zaeem on a TV show recently. He discussed the use of stolen ATM data sold on the darknet, then subsequently used for fake cash withdrawals and money laundering.
At the beginning of this article, we talked about the dump of stolen data from 617 million individual accounts. This, of course, is the tip of a very large iceberg. The chances are that most data breaches (whatever the method used to perpetuate the breach) end up with the stolen data on a black market site, for example by phishing.
Phishing is an attempt by a hacker to pose as a legitimate organization, such as your bank, and then trick you into giving up your credentials (typically your login and password).
In a report by Business Insider, researchers found that ‘hackers for hire’ were plentiful on the darknet. Once hacked, account data changes hands swiftly, Netflix passwords going for $1.25 and Hilton HHonor Points for $3.
Related Post: Phishing: 3 Methods to Protect Yourself from Cyber Fraud
The darknet is a serious threat to businesses as it is the place where cybercrime can propagate and proliferate. The use of the darknet as a trading platform to commit continued crimes using personal data is the cybercrime equivalent of a supply chain.
Crimes like credential stuffing are facilitated due to the ease of flow of stolen data and tools that help to check alive accounts. Dunkin Donuts customers look set to be one of the latest casualties of the darknet, accounts being hacked using previously-stolen data. Mind you, they will certainly not be the last entity to suffer at the hands of stolen data that is used to carry out follow-on attacks.
In the end, the darknet offers the perfect hiding place for cybercriminals. It is a modern-day Pirates Cave where data is fed into marketplaces for sale to use in continuing criminal activities.
While there is no way to fully prevent nefarious activity, there are a variety of techniques, both human-centered and technological, that could help improve an organization’s security defenses. This includes security awareness training, darknet intelligence and strengthening your cybersecurity posture through cybersecurity posture assessments or 24/7 monitoring of your environment.
Want to find out more about how to strengthen your overall cybersecurity posture? Self-assess your cybersecurity posture by clicking down below!