It’s a horrible thing to think about but you are a commodity. All your personal details, from your name and address to your bank account information, are worth something to someone. It can be traded on, and used against you.
For what purpose? Most commonly, for identity theft or even blackmail. The latter is how abhorrent techniques like sextortion work.
But how much are you worth? You might be surprised at how cheaply your details can be acquired on the Dark Web.
The Dark Web?
Even if you know nothing of the murkier side of the net, realising that there’s an online equivalent of the black market wouldn’t be a great stretch of the imagination. This is essentially what the Dark Web is.
It’s part of the Deep Web, a sub-section of the Internet not indexed by popular search engines. Because content on the Dark Web doesn’t use Internet Protocol (IP), there’s a whole network of further hidden sites that discuss and trade in often illegal information. You can only access it using the Tor browser, and then you’d have to actually find this invisible web – though of course there are ways.
Hidden Dark Web services include drugs, illegal pornography, arms… and of course, stolen hacked data, perfect for fraudulent activity.
Know Your Worth: Your Finances
— Hayley Atwell (@HayleyAtwell) August 1, 2015
In the brilliant Agent Carter by Marvel Comics, Peggy essentially pleaded with viewers to know their value. It’s a nice sentiment, but in an age when rarely a week goes by when a high-profile hacking scandal doesn’t hit the news, implications of what you’re worth to scammers and extortionists is increasingly creepy.
The Ashley Madison leak has wrecked lives. Last year’s Celebgate hit the headlines, but actually didn’t wreck reputations as could’ve been the case. Even downloading Windows 10 can lead to you being scammed.
That’s why TrendMicro examined the demand for information gleaned from data breaches, and discovered just how cheap your personal information can be acquired.
Naturally, the most valuable data is bank account information, the actual amount depending on your balance! Typically sold on for between $200 and $500, accounts with more money available to mine have a higher asking price. Financial data – which TrendMicro defines as banking details, insurance, and billing – is the second most common type of stolen records, purely because it’s very easy to turn that data into profit. Notably, banking malware is an issue in Brazil, and indeed many items to bid for are listed as originating there.
Credit card information fluxes in price, but just like wholesale buying, the price per ‘unit’ decreases if they’re bought in bulk, probably as a result of mass cyberattacks on specific sites. Rates for sole cards are frequently below $100; some considerably so (around $4.50- $8) and others still, a not-inconsiderable but nonetheless comparatively inexpensive amount (about $65).
Prices further change depending on how swiftly a card is likely to be deactivated, and location. CNET reports:
“Credit cards from every continent can be purchased, but cards which are not from the US tend to fetch higher prices than those registered to United States addresses.”
Fetching a similarly high fee are eBay (and thus PayPal) accounts with extensive histories – these command up to $300 each – because they’re less likely to be flagged for suspicious activity, meaning thieves will often have more time to take advantage of the information before being detected. Equally, PayPal users without years of dealings might find theirs up for as little as $10.
In most cases, your PayPal balances are displayed to would-be buyers from the off, so they can weigh up if you’re worth paying out for. Some even have guarantees that if a certain percentage of bulk PayPal accounts are locked or flagged (which buyers tend to accept as the luck of the draw), the sellers will supply replacements.
Know Your Worth: Personal Information
Further account details available to buy might surprise you: Amazon and Netflix obviously are linked to cards, but other memberships that are worth paying for include Uber (for hackers who want a free ride or two), FedEx (bringing a new meaning to free postage), and Facebook. The latter knows a lot about you anyway, but just take a look at Digital Shadow: it scours your account and reveals how much information can be found out about you.
That includes suggesting possible passwords. You can see why someone might be interested in that.
Facebook trades in this personal data for advertising, so of course this is also of interest to hackers. And an abundance of Personally Identifiable Information (PII) has made fees for this sort of data slump. PII can include something as public as name, address, date of birth, email, and phone number, as well as more private details like salary, vehicle registration plate, National Insurance/ Identification number, and online handle.
These can result in substantial identity theft.
Considering their potential for misuse, you’d think these would fetch at least average prices, but no. While they used to go for $4 a line, thanks to the myriad of data breaches, this information can now be purchased for as little as $1 per line.
Scans of bills and your passport can garner anywhere below $40, while a full credit report can be bought for $25. What might come as a bigger shock is how valuable your medical records can be. Last year, Reuters stated that your medical information is worth 10 times more than even your credit card number. It’s a relatively simple way of accessing PII, and healthcare’s sometimes-lax approach to computing and security is getting blamed. Jeff Horne, of cybersecurity company, Accuvant, said:
“Healthcare providers and hospitals are just some of the easiest networks to break into… When I’ve looked at hospitals, and when I’ve talked to other people inside of a breach, they are using very old legacy systems – Windows systems that are 10 plus years old that have not seen a patch.”
As well as gaining some PII en masse, medical details can also be used to obtain drugs which can then be sold on.
What Can You Do?
To some degree, it’s out of your hands, but the least you can do is maintain strong security measures. Create strong, memorable passwords – definitely don’t pick any of these terrible ones. Knowing easy ways hackers can get access to your data is half the battle. Actually stealing your hardware can be profitable in all sorts of ways, and it’s important to know the difference between fake emails and real ones, as well as recognizing what your bank will never ask you online.
When it comes to battling against intrusion via Facebook, try logging out remotely, and if you’re shopping online, there are some very simple tips to limit damage potentially done by scammers, such as checking for signs of encryption.
What tips do you have? Are you shocked by how little your information is traded on for? Tell us below.