Here's What Your Identity Sells For On The Dark Web

in #darkweb7 years ago



Millions of Americans who trusted Equifax with sensitive personal and financial data, including social security numbers and credit-card information, are now nervously wondering whether they will be among the unlucky minority of affected customers whose identities are successfully “repurposed” by online criminal groups.

One researcher from security firm SecureWorks shared some details about today’s burgeoning marketplace for stolen data with Bloomberg, and the conclusion is clear: It is now easier – and cheaper – for criminals to access and abuse illicit data than ever before. In fact, a high-limit American express card with a high chance of working can be purchased online for less than $20. Criminals can buy files with thousands of low-limit card numbers for pennies on the dollar.

According to Bloomberg, “verified” high-limit credit cards from developed countries like the US, Japan, and South Korea are selling on the dark web for the bitcoin equivalent of about $10 to $20.

“Verified” means the seller has tested out transactions on the card and found it hasn’t been canceled yet. For scammers on a budget, there’s unverified stolen credit card data, which comes out to pennies a card when bought in bulk.

Here’s a screengrab from one dark-web marketplace.


Luckily for criminals, cards generally aren’t selling any cheaper on the dark web these days, said Alex Tilley, a researcher at Secureworks. Today’s buyers are more likely to get higher-quality cards, ones with sizable limits that can be used fraudulently with ease. It isn’t as hit-or-miss as it used to be, a welcome change for criminals, chilling news for most of us.

Criminals have even set up sophisticated “rating systems” to help value the data. Business cards are preferred, Tilley said, because they don’t have a limit. Those and high-end personal cards—say, a Platinum American Express that has been verified and has an 85 percent rating (judged by the seller to have an 85 percent chance of being successfully used in a fraud)—will go for $15 to $20. A regular Mastercard that doesn’t have a high limit might go for $9.

One underground hacker market inexplicably called Trump’s Dumps is selling full identities of individuals just like you for as little as $10 apiece. They’re called fullz, “dossiers that provide enough financial, geographic and biographical information on a victim to facilitate identity theft or other impersonation-based fraud.” Fullz can help a criminal get past those irritating “secret questions” that sites ask to verify your identity.

Recently, Secureworks’ researchers have seen more offers of bulk pre-verified card details, along with more identifying information about the owners. In some cases, offers even include the cardholder’s mother’s maiden name. Still, they cost just $10 to $12. Below is a fullz offer with a lot of personal identification on a Korean consumer.

In a massive breach like Equifax, hackers can easily walk away with hundreds of millions of dollars in profits from selling the data. Meanwhile, the identity thieves who purchased it can reap their own fortune running their scams.

Congress, the FTC and Equifax customers – enraged by both the company’s reluctance to initially disclose the breach and its carelessness (some would say tight-fistedness) concerning its cybersecurity defenses – have buried the company in lawsuits and official inquiries.

As USA Today revealed yesterday, hackers took advantage of an Equifax security vulnerability two months after an industry group discovered the coding flaw and shared a fix for it, raising questions about why Equifax didn't update its software successfully when the danger became known.

We’re looking forward to hearing the whole story from CEO Rick Smith when he testifies before Congress early next month. Whether Smith manages to hang on to his job remains to be seen - calls for his resignation after a 12-year-long scandal-free tenure are mounting. CNBC's Jim Cramer said last night that Smith "should be fired today."

But perhaps more worrying for Smith and his C-Suite companions are calls from North Dakota Sen. Heidi Heitkamp, who has demanded a criminal investigation into whether the company's executives - several of whom sold stock during the period between when the company first learned about the hack and when it disclosed it to the public - commited securities fraud.

"If that happened, then somebody needs to go to jail," she said.

Source : http://www.zerohedge.com/news/2017-09-15/here%E2%80%99s-what-your-identity-sells-dark-web

Disclaimer : This is not the real Tyler Durden! I read ZeroHedge every day to find the one or two best articles and reformat them for Steemit. I appreciate the upvotes but consider following the account and resteeming the articles that you think deserve attention instead. Thank you! Head over to ZeroHedge.com for more news about cryptocurrency, politics and the economy.

Sort:  

Great article! Really good information and quite disturbing to say the least. The thing to me that is most concerning is that a company like Equifax that is supposed to be helping consumers allowed executives to sell shares once the breach was discovered to essentially "cash out" before the SHTF once they made the breach public. This is insider trading at it's finest and had to be known by the CEO. If these executives aren't jailed for this, this will be yet another example of our financial institutions simply fleecing the people for personal gain.

Its scary the amount of personal information is selling on the dark web.
Thanks for the post.
Keep up the good work, im gonna follow if i like the content

omg
that news really too good but little bit scary as well because of selling personal information on dark web.

thanks for posting
love your work
keep posting please
:)
upvoted

Very informative post. Thank you for sharing your knowledge.

Great information about what goes on behind the scenes both in dark web, security systems, and greedy CEO's. 🐓🐓

I enjoy reading these articles enough to let you slide but understand how mad it makes me and others who actually create original content everyday, to see someone like you just reposting others work, and making thousands of dollars,.... i wont report you to any whales but please dont just repost any articles from other authors without at LEAST 10-20% your own original content at LEAST give a paragraph or ytwo of your own at the end with your own opinions! its so important to just show you did a little extra work so orthers dont copy you!
the last thing we need is you setting a bad example and others just starting to repost others works! we cant have everyone doing what youre doing or we will face massive lawsuits , we cant blatantly profit off other people's work online, u gotta actually add your own stuff to it man!