Kaspersky: Your Digital Life Is for Sale Cheap
Security researchers at Kaspersky Labs this week provided an update on what personal digital data is worth on dark Web markets.
It's not a new idea; security researchers provide this data every few years. But it's always interesting to hear what data is going for. The upshot -- a consumers' entire digital life is worth less than $50.
David Jacoby, a senior security researcher at Kaspersky Lab, spent some time poking around sites where stolen user identities and accounts were on sale, and blogged about it here.
Some highlights:
- The easiest information to find is hacked accounts, and they're not worth very much individually. "The price for these hacked accounts is very cheap, with most selling for about $1 per account, and if you buy in bulk, you'll get them even cheaper," Jacoby wrote.
- We're used to innovative business models from the digital crime community thanks to ransomware. Interesting schemes are emerging in the hacked account arena, as well. "Some vendors even give a lifetime warranty, so if one account stops working, you receive a new account for free," Jacoby noted, citing an example involving Netflix accounts.
- Dumpster diving is being used for purposes other than targeted, individual attacks. "People actually steal other people's mail and collect invoices, for example, which are then used to scam other people. They will collect and organize these invoices by industry and country. The vendors then sell these scans as part of a scammer toolbox," he found. "A scammer can use these scans to target victims in specific countries and even narrow their attacks down to gender, age and industry."
- Adding up various elements of a person's digital life, Jacoby estimated that hackers are selling people's complete digital life for less than $50, not including bank accounts, but often including services that might have a credit card attached.
- Online underground marketplaces were also trading in fake documentation, including fake ID cards, driver's licenses and passports. A registered Swedish passport, for example, was on sale for $4,000, Jacoby found.
The whole post is worth a read, but at the least it's a reminder, as if any were needed, of how ubiquitous hacked accounts are. There are so many out there that they're very cheap for other bad actors to purchase.
Posted by Scott Bekker on 11/07/2018 at 11:24 AM