Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:00 AM
Itay Glick
Itay Glick
Connect Directly
E-Mail vvv

Darknet: Where Your Stolen Identity Goes to Live

Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves.

How much is a human life worth? If you ask folks on the Darknet, the answer could be as little as a nickel—when ordered in bulk, that is. Orders for identities in packages of up to 100 could cost as much as 25¢ apiece. A merchant with a store on AlphaBay Market has been advertising a “USA Personal Info” kit that consists of names, addresses, phone numbers, Social Security numbers, bank account information, and so on, and is “guaranteed fresh!”

The merchant’s 3,800 buyers agree. “Thanks for the $^$#&$ price,” says one satisfied customer, with others calling the data dump “awesome,” “legit information,” and “A+.” To be fair, one customer was not entirely satisfied: “Request more FL listings,” but otherwise, the customer commented, “Everything is perfect.”

If you're in the market for stolen identities, you can find all you want on AlphaBay, one of the premier marketplaces on the Darknet. The market is just a few clicks away—all you need to get there is the Tor browser. In the past, people used Tor mainly to access Internet sites without being monitored by Internet service providers or, worse, by governments. In places like Iran and China, where the government tries to limit Internet access, Tor enables residents to access forbidden sites such as Facebook. But Tor is also used to access Darknet markets, where all manner of illicit goods and services are bought and sold.

After installing Tor, you’ll see that connecting with sellers like Zloy3 in the Darknet is fast, simple, and secure. But secure is the one thing you can't say about identities. They are the gift that keeps on giving. Whereas hacked credit cards tend to be good for a single use at most, because the bank or victim usually catches on fairly quickly, stolen identities can be used multiple times in multiple ways.

In addition, victims may not even learn that their identity has been stolen until major damage has been done to their finances, reputation, and credit rating. The task of notifying the various authorities that one’s identification documents are being used illegally takes additional time and much effort; in the meantime, the criminals are exploiting the victim’s identity in as many ways as possible. A fake application for a credit card doesn't affect the victim, but racking up charges with a credit card number that the victim doesn't even know exists is a different matter altogether, providing a much better return on investment for cybercrooks.

How to be an identity thief
While almost everything is available on the Darknet—drugs, weapons, and child pornography, for example—it excels as an educational channel for beginning identity thieves, offering resources and tools that almost guarantee success. The easiest route for a cybercriminal, of course, is to buy identity information from one of the thousands of peddlers in the Darknet marketplace, but that method requires a measure of trust; you have to have faith that the cybercrook who stole all the data will be honest enough not to cheat you. Understandably, many cybercrooks prefer to do identity “shopping” on their own, gathering information from databases to ensure the authenticity of the product. The Darknet is there to help them.

One of the most common methods of stealing identities begins with spearphishing email messages. Once a hacker has carried out a successful attack, everything within the organization’s network, including identity information, is accessible. For example, some 8 million people had their passport numbers and other valuable information stolen by cybercriminals who managed to penetrate one of Japan's biggest travel agencies, JTB Corp. The breach was apparently initiated when a JTB employee opened an attachment to a spearphishing email message purporting to contain travel information. The attachment was a Microsoft Word document with an embedded zero-day exploit that opened the door to the company’s network and databases.

Hackers who are preparing spearphishing attacks can also find useful ideas in one of the many social-engineering guides that are available on the Darknet and even on Amazon.com, with prices as low as $4 on the Darknet.

The point of stealing all that data, of course, is to make money from it, and the Darknet tells you how to do that. A novice hacker would probably benefit from packages like “Easy Security for Carding, Hacking and General / 25 guides in ONE!!! 3 DAYS FOR FREE” or “Ultimate Fraud Package – 6500 items – 2016 + FREE GIFT!” The latter, says the merchant, is “a super big package containing everything you can think of—eBooks, tutorials, guides about Bitcoin, PayPal, Bank Transfers, Hacker Tutorials, Carding, Fraud, Cashout Tutorials, Anarchist Handbook.” The price of this apparently college-level identity-theft course is a mere $9.99.

According to that merchant, 5,109 copies of the Ultimate Fraud Package have been sold since November 21, 2015, and the merchant's rating page is full of accolades, such as “Very good information and instant delivery,” “Thank you for all the good stuff,” and “Frigging bad English in some of his files but overall good! Thx!”

Once a hacker has learned the tricks of the trade, it's time to expand. Hackers who want to grow their business can use the Services section on AlphaBay and other Darknet markets to find competent personnel. One hacker, for example, offers “quality thefting services, new method to avoid CO.UK police reports with high amounts.”

Unfortunately, there is little individuals can do to protect themselves from identity thieves lurking on the Darknet to do them harm. For organizations, the best strategy is to educate users, consumers and protect personal data with the latest cybersecurity solutions.

Related Content:



Itay brings to Votiro more than 15 years of executive management experience in cybersecurity at global technology companies based in the U.S., Europe, and Asia. Prior to co-founding Votiro, he played a key role in managing the development of equipment for the lawful ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/8/2018 | 5:11:00 AM
Re: On the Internet, nobody knows if you're a cop
I have been waiting for this information for a long time. Thank you very much for the great post.

Asian fanfics
fairy flavia
fairy flavia,
User Rank: Apprentice
8/15/2018 | 5:08:28 AM
informative blog

Where Your Stolen Identity Goes to Live is really an informative blog. Awesome technique keep sharing.

UK economics assignment

User Rank: Apprentice
9/21/2017 | 6:57:40 AM
Re: Identity theft
There are negative and positive attributes to Dark Net. I can find the best cheap essay writing service in it and they come very cheap when compared to the regular sites available. However, viewers discretion should be maintained and they should go to places exactly without deviating; otherwise, they would end up in a lot of trouble.
User Rank: Ninja
9/29/2016 | 10:24:46 AM
Identity theft
It is just baffling to me how our private most data gets compromised in all this fiasco surrounding these hacking activites. I always prefer to encrypt my connection and use a changed IP to avoid all kinds of hacking and scam alerts by securing my connection with purevpn as they have strict no logs policy and also offer online encryted connection. Taking security measures is the root of all the preventive easures and therefore it is therefore important to deploy all of them to secure yurself from the embarrasment of data theft. 
User Rank: Ninja
8/24/2016 | 12:53:18 PM
On the Internet, nobody knows if you're a cop
In the criminal world, the ethics of the pirate ship will always prevail, but it's a lot easier to punish those who betray you if you know who they are and where to find them.
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing Writer,  2/20/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-02-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. ...
PUBLISHED: 2020-02-22
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue...
PUBLISHED: 2020-02-22
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the...
PUBLISHED: 2020-02-21
Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP a...
PUBLISHED: 2020-02-21
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.