Endpoint
8/19/2016
11:00 AM
Itay Glick
Itay Glick
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
100%
0%

Darknet: Where Your Stolen Identity Goes to Live

Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves.

How much is a human life worth? If you ask folks on the Darknet, the answer could be as little as a nickel—when ordered in bulk, that is. Orders for identities in packages of up to 100 could cost as much as 25¢ apiece. A merchant with a store on AlphaBay Market has been advertising a “USA Personal Info” kit that consists of names, addresses, phone numbers, Social Security numbers, bank account information, and so on, and is “guaranteed fresh!”

The merchant’s 3,800 buyers agree. “Thanks for the $^$#&$ price,” says one satisfied customer, with others calling the data dump “awesome,” “legit information,” and “A+.” To be fair, one customer was not entirely satisfied: “Request more FL listings,” but otherwise, the customer commented, “Everything is perfect.”

If you're in the market for stolen identities, you can find all you want on AlphaBay, one of the premier marketplaces on the Darknet. The market is just a few clicks away—all you need to get there is the Tor browser. In the past, people used Tor mainly to access Internet sites without being monitored by Internet service providers or, worse, by governments. In places like Iran and China, where the government tries to limit Internet access, Tor enables residents to access forbidden sites such as Facebook. But Tor is also used to access Darknet markets, where all manner of illicit goods and services are bought and sold.

After installing Tor, you’ll see that connecting with sellers like Zloy3 in the Darknet is fast, simple, and secure. But secure is the one thing you can't say about identities. They are the gift that keeps on giving. Whereas hacked credit cards tend to be good for a single use at most, because the bank or victim usually catches on fairly quickly, stolen identities can be used multiple times in multiple ways.

In addition, victims may not even learn that their identity has been stolen until major damage has been done to their finances, reputation, and credit rating. The task of notifying the various authorities that one’s identification documents are being used illegally takes additional time and much effort; in the meantime, the criminals are exploiting the victim’s identity in as many ways as possible. A fake application for a credit card doesn't affect the victim, but racking up charges with a credit card number that the victim doesn't even know exists is a different matter altogether, providing a much better return on investment for cybercrooks.

How to be an identity thief
While almost everything is available on the Darknet—drugs, weapons, and child pornography, for example—it excels as an educational channel for beginning identity thieves, offering resources and tools that almost guarantee success. The easiest route for a cybercriminal, of course, is to buy identity information from one of the thousands of peddlers in the Darknet marketplace, but that method requires a measure of trust; you have to have faith that the cybercrook who stole all the data will be honest enough not to cheat you. Understandably, many cybercrooks prefer to do identity “shopping” on their own, gathering information from databases to ensure the authenticity of the product. The Darknet is there to help them.

One of the most common methods of stealing identities begins with spearphishing email messages. Once a hacker has carried out a successful attack, everything within the organization’s network, including identity information, is accessible. For example, some 8 million people had their passport numbers and other valuable information stolen by cybercriminals who managed to penetrate one of Japan's biggest travel agencies, JTB Corp. The breach was apparently initiated when a JTB employee opened an attachment to a spearphishing email message purporting to contain travel information. The attachment was a Microsoft Word document with an embedded zero-day exploit that opened the door to the company’s network and databases.

Hackers who are preparing spearphishing attacks can also find useful ideas in one of the many social-engineering guides that are available on the Darknet and even on Amazon.com, with prices as low as $4 on the Darknet.

The point of stealing all that data, of course, is to make money from it, and the Darknet tells you how to do that. A novice hacker would probably benefit from packages like “Easy Security for Carding, Hacking and General / 25 guides in ONE!!! 3 DAYS FOR FREE” or “Ultimate Fraud Package – 6500 items – 2016 + FREE GIFT!” The latter, says the merchant, is “a super big package containing everything you can think of—eBooks, tutorials, guides about Bitcoin, PayPal, Bank Transfers, Hacker Tutorials, Carding, Fraud, Cashout Tutorials, Anarchist Handbook.” The price of this apparently college-level identity-theft course is a mere $9.99.

According to that merchant, 5,109 copies of the Ultimate Fraud Package have been sold since November 21, 2015, and the merchant's rating page is full of accolades, such as “Very good information and instant delivery,” “Thank you for all the good stuff,” and “Frigging bad English in some of his files but overall good! Thx!”

Once a hacker has learned the tricks of the trade, it's time to expand. Hackers who want to grow their business can use the Services section on AlphaBay and other Darknet markets to find competent personnel. One hacker, for example, offers “quality thefting services, new method to avoid CO.UK police reports with high amounts.”

Unfortunately, there is little individuals can do to protect themselves from identity thieves lurking on the Darknet to do them harm. For organizations, the best strategy is to educate users, consumers and protect personal data with the latest cybersecurity solutions.

Related Content:

 

 

Itay brings to Votiro more than 15 years of executive management experience in cybersecurity at global technology companies based in the U.S., Europe, and Asia. Prior to co-founding Votiro, he played a key role in managing the development of equipment for the lawful ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
lorraine89
50%
50%
lorraine89,
User Rank: Ninja
9/29/2016 | 10:24:46 AM
Identity theft
It is just baffling to me how our private most data gets compromised in all this fiasco surrounding these hacking activites. I always prefer to encrypt my connection and use a changed IP to avoid all kinds of hacking and scam alerts by securing my connection with purevpn as they have strict no logs policy and also offer online encryted connection. Taking security measures is the root of all the preventive easures and therefore it is therefore important to deploy all of them to secure yurself from the embarrasment of data theft. 
jries921
100%
0%
jries921,
User Rank: Ninja
8/24/2016 | 12:53:18 PM
On the Internet, nobody knows if you're a cop
In the criminal world, the ethics of the pirate ship will always prevail, but it's a lot easier to punish those who betray you if you know who they are and where to find them.
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: " I think Google Doodle is getting a little out of control"
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.