In the first six months of 2012 more than Twenty Million pieces of personal data traded hands through the data black market, and to put that into perspective that is more than twice as much that traded hands in all of 2011 and 2013 appears to be on track to surpass those numbers. You want to know what your data is worth on the black market, it is estimated about 1.2 Trillion Dollars of stolen data will trade hands in 2013.
How is this data stolen? First and foremost bad habits by Internet users and IT professionals that leave cracks in the system to allow for the opportunity to steal data, such as using the same password on multiple accounts, failing to update web browsers to current versions, not checking websites for encryption by looking for the padlock on the URL line and failing to logout from websites are all simple things that are often overlooked.
I guess the next question would be what exactly is the data black market? Well, in simple terms, it is very similar to the black market for actual products. It is a pool of cybercriminals who make a lot of money buying and selling stolen personal and corporate data. So basically these cybercriminals produce malware in the form of viruses, SPAM, or other programs that infect your system with the intent of capturing your personal information.
In order for this cyber black market to be successful it does take a team of very skilled individuals to make this happen successfully. One of the myths is that in a typical cyber-attack it will be obvious to the end user that they have been compromised; the reality is just the opposite. Cybercriminals need your system both personal and corporate in order for the mining of data to be success they must go undetected so there won’t always be the alarm, flashing lights and crashing systems.
So who makes up the team? It all starts with the programmers; someone has to develop the malware, SPAM or virus and develop the delivery system, and determine how the results are going to be delivered in the form of your data. Web designers have to develop the websites to capture and manage the incoming data. Technical people who manage the infrastructure and servers and who route the data and the traffic to insure that tracing them is very difficult or near impossible, and the intermediaries who take that data and find sellers and buyers for the data and collect the money for a percentage of the fee paid.
What are the most common items bought and sold on the cyber black market? On the personal side it is credit card numbers, social media account passwords, email lists and on the corporate side it is accounting and banking information such as direct deposit information, emergency contact information, routing numbers, and access to hacked servers.
Yes behind every virus, Trojan, worm or other malware, there is a thriving business and now in some cases government probing and looking for weaknesses in our systems. These businesses, just like legal businesses, must promote themselves in order to buy and sell their products or services. In some cases they go as far as to have promotions, demonstrations of their abilities, service guarantees and even discounts for large purchases or reoccurring purchases. How does the sales process take place on the data black market? Obviously these transactions are electronic and very difficult to trace, but the client and vendor take advantage of social media to promote and start the negotiation of the product. The product is then delivered through a series of underground online stores to actually conduct the transaction. They establish a legitimate method of payment such as PayPal or historical credit card transaction or if it is a cash transaction Western Union is always available. Then, which has always been interesting to me, is they will actually establish a customer support methodology so that if the credit card number is invalid or the product is not what the buyer expected, there is a way to reconstruct the transaction because remember, this is a business, repeat customers are critical to the ongoing black market economy.
Now that you have a basic understanding of what the cyber black market is and how it works, next month we will go through some steps on how to protect yourself and your business so you don’t become a victim.