You can get all kinds of things on the DarkNet, from guns and drugs to private information. Information – of individuals and companies – is a particularly hot commodity. Let’s take a look at what kinds of information is available for purchase on the DarkNet and why this information is so valuable.
The DarkNet is like any marketplace, with a currency (bitcoin), shipping, and the ability to rate vendors and post positive and negative feedback. Alpha Bay sellers are rated on a vendor trust scale of one to 10, with established sellers generally responding quickly to customer complaints. But, unlike typical marketplaces, private information is on the DarkNet price list. Here’s a list of the most sought-after private information.
Credit card numbers. Credit card data are considered by security experts to be the most commonly traded commodities in the underground economy. These are often sold in large batches because many of the cards may have already been cancelled.
Credit Score Reports. Credit Score reports are one of the most highly traded assets. Financial organizations use credit score reports to assess a client’s credit history, which is used to approve loans. The price of the credit score lists depends on the score of the report, with the higher score reports going for a higher price.
Bank account information. This is a high-ticket item, with the sale price dependent on how much money is in the account. Compromised bank account information can be collected by infecting victims’ computers with specific malware or through phishing campaigns.
“Fullz”. Fullz – hacker terminology for the full information on a victim – includes the name, address, social security number, credit card data, date of birth, mother’s maiden name, driver’s license number, and more. This information is used by criminals to impersonate victims in more complex scams. Data such as social security numbers, birth dates, driver’s license information, and phone numbers can be used in submitting and validating fraudulent transactions or accounts, including insurance claims, financial aid applications, or income tax filing. Phone numbers can be used to thwart anti-fraud mechanisms like multifactor authentication.
Health records. A substance abuse treatment facility had its database hacked. Records of patients afterwards appeared on the Dark web, including dosing information, doctors, and counselors of patients, and admission dates. Health information is a rich source of personal information that can be used for tax fraud, insurance fraud, and more.
Online account credentials. The credentials that are most in demand are those relating to Amazon, Apple, Email, eBay, Facebook, Twitter and Instagram services. eBay accounts are used to facilitate auction fraud. Social media accounts are used for phishing campaigns. Apple, Amazon, and PayPal accounts are usually used by criminal crews for cashout processes.
Gaming credentials. These credentials are used as a cashout mechanism. Once purchased, criminals sell virtual gaming goods and features to monetize their efforts. Criminals convert virtual gold and goods obtained by the victim’s character for money.
Insiders Turn to the DarkNet
It’s not just hackers that post information for sale on the DarkNet. The rise of hidden marketplaces makes it easier for insiders to gain financially as well. Insiders have access to a wealth of corporate information, and they often turn to the DarkNet to get paid for company and customer data.
Medicare details for Australian consumers appeared on the DarkNet courtesy of a “bad person doing a bad thing from a legitimate channel.” The employee of a medical service obtained the information and sold it online. For the Australian government, the Guardian-revealed darknet listing was the first indication that they had a potential insider leaking citizen information online.
A darknet marketplace listing could be the first indication a business has regarding a rogue insider. So, businesses are now monitoring the DarkNet for clues that their company and customer data is being exposed. James Nunn Price, cyber risk leader for Deloitte in the Asia Pacific region, recounts an incident involving a large energy company client:
“We do monitoring for them and we were able to pick up on a dark web market that one of their systems administrators was selling their remote access VPN logging details,” he said.