Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:00 AM
Itay Glick
Itay Glick
Connect Directly
E-Mail vvv

Darknet: Where Your Stolen Identity Goes to Live

Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves.

How much is a human life worth? If you ask folks on the Darknet, the answer could be as little as a nickel—when ordered in bulk, that is. Orders for identities in packages of up to 100 could cost as much as 25¢ apiece. A merchant with a store on AlphaBay Market has been advertising a “USA Personal Info” kit that consists of names, addresses, phone numbers, Social Security numbers, bank account information, and so on, and is “guaranteed fresh!”

The merchant’s 3,800 buyers agree. “Thanks for the $^$#&$ price,” says one satisfied customer, with others calling the data dump “awesome,” “legit information,” and “A+.” To be fair, one customer was not entirely satisfied: “Request more FL listings,” but otherwise, the customer commented, “Everything is perfect.”

If you're in the market for stolen identities, you can find all you want on AlphaBay, one of the premier marketplaces on the Darknet. The market is just a few clicks away—all you need to get there is the Tor browser. In the past, people used Tor mainly to access Internet sites without being monitored by Internet service providers or, worse, by governments. In places like Iran and China, where the government tries to limit Internet access, Tor enables residents to access forbidden sites such as Facebook. But Tor is also used to access Darknet markets, where all manner of illicit goods and services are bought and sold.

After installing Tor, you’ll see that connecting with sellers like Zloy3 in the Darknet is fast, simple, and secure. But secure is the one thing you can't say about identities. They are the gift that keeps on giving. Whereas hacked credit cards tend to be good for a single use at most, because the bank or victim usually catches on fairly quickly, stolen identities can be used multiple times in multiple ways.

In addition, victims may not even learn that their identity has been stolen until major damage has been done to their finances, reputation, and credit rating. The task of notifying the various authorities that one’s identification documents are being used illegally takes additional time and much effort; in the meantime, the criminals are exploiting the victim’s identity in as many ways as possible. A fake application for a credit card doesn't affect the victim, but racking up charges with a credit card number that the victim doesn't even know exists is a different matter altogether, providing a much better return on investment for cybercrooks.

How to be an identity thief
While almost everything is available on the Darknet—drugs, weapons, and child pornography, for example—it excels as an educational channel for beginning identity thieves, offering resources and tools that almost guarantee success. The easiest route for a cybercriminal, of course, is to buy identity information from one of the thousands of peddlers in the Darknet marketplace, but that method requires a measure of trust; you have to have faith that the cybercrook who stole all the data will be honest enough not to cheat you. Understandably, many cybercrooks prefer to do identity “shopping” on their own, gathering information from databases to ensure the authenticity of the product. The Darknet is there to help them.

One of the most common methods of stealing identities begins with spearphishing email messages. Once a hacker has carried out a successful attack, everything within the organization’s network, including identity information, is accessible. For example, some 8 million people had their passport numbers and other valuable information stolen by cybercriminals who managed to penetrate one of Japan's biggest travel agencies, JTB Corp. The breach was apparently initiated when a JTB employee opened an attachment to a spearphishing email message purporting to contain travel information. The attachment was a Microsoft Word document with an embedded zero-day exploit that opened the door to the company’s network and databases.

Hackers who are preparing spearphishing attacks can also find useful ideas in one of the many social-engineering guides that are available on the Darknet and even on Amazon.com, with prices as low as $4 on the Darknet.

The point of stealing all that data, of course, is to make money from it, and the Darknet tells you how to do that. A novice hacker would probably benefit from packages like “Easy Security for Carding, Hacking and General / 25 guides in ONE!!! 3 DAYS FOR FREE” or “Ultimate Fraud Package – 6500 items – 2016 + FREE GIFT!” The latter, says the merchant, is “a super big package containing everything you can think of—eBooks, tutorials, guides about Bitcoin, PayPal, Bank Transfers, Hacker Tutorials, Carding, Fraud, Cashout Tutorials, Anarchist Handbook.” The price of this apparently college-level identity-theft course is a mere $9.99.

According to that merchant, 5,109 copies of the Ultimate Fraud Package have been sold since November 21, 2015, and the merchant's rating page is full of accolades, such as “Very good information and instant delivery,” “Thank you for all the good stuff,” and “Frigging bad English in some of his files but overall good! Thx!”

Once a hacker has learned the tricks of the trade, it's time to expand. Hackers who want to grow their business can use the Services section on AlphaBay and other Darknet markets to find competent personnel. One hacker, for example, offers “quality thefting services, new method to avoid CO.UK police reports with high amounts.”

Unfortunately, there is little individuals can do to protect themselves from identity thieves lurking on the Darknet to do them harm. For organizations, the best strategy is to educate users, consumers and protect personal data with the latest cybersecurity solutions.

Related Content:



Itay brings to Votiro more than 15 years of executive management experience in cybersecurity at global technology companies based in the U.S., Europe, and Asia. Prior to co-founding Votiro, he played a key role in managing the development of equipment for the lawful ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/8/2018 | 5:11:00 AM
Re: On the Internet, nobody knows if you're a cop
I have been waiting for this information for a long time. Thank you very much for the great post.

Asian fanfics
fairy flavia
fairy flavia,
User Rank: Apprentice
8/15/2018 | 5:08:28 AM
informative blog

Where Your Stolen Identity Goes to Live is really an informative blog. Awesome technique keep sharing.

UK economics assignment

User Rank: Apprentice
9/21/2017 | 6:57:40 AM
Re: Identity theft
There are negative and positive attributes to Dark Net. I can find the best cheap essay writing service in it and they come very cheap when compared to the regular sites available. However, viewers discretion should be maintained and they should go to places exactly without deviating; otherwise, they would end up in a lot of trouble.
User Rank: Ninja
9/29/2016 | 10:24:46 AM
Identity theft
It is just baffling to me how our private most data gets compromised in all this fiasco surrounding these hacking activites. I always prefer to encrypt my connection and use a changed IP to avoid all kinds of hacking and scam alerts by securing my connection with purevpn as they have strict no logs policy and also offer online encryted connection. Taking security measures is the root of all the preventive easures and therefore it is therefore important to deploy all of them to secure yurself from the embarrasment of data theft. 
User Rank: Ninja
8/24/2016 | 12:53:18 PM
On the Internet, nobody knows if you're a cop
In the criminal world, the ethics of the pirate ship will always prevail, but it's a lot easier to punish those who betray you if you know who they are and where to find them.
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We need more votes, check the obituaries.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-26
IBM Spectrum Scale 5.0.0 through and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.
PUBLISHED: 2021-01-26
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.
PUBLISHED: 2021-01-25
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of Medi...
PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the ...
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...