From marketers to black marketers, your personal information is a valuable commodity
29 December, 2014
category: Corporate, Digital ID, Financial, Government, Health
Thieves piece together data
Just as retailers are finding new and innovative ways to extract and monetize data, criminals are doing the same – and finding value in more pieces of data than ever before. Modern thieves don’t even have to do much legwork as individuals are leaving their information unprotected.
Symantec’s 2014 Internet Security Threat Report details the top causes of data breaches in 2013:
• 34% were due to hackers
• 29% were because of information that was accidentally made public
• 27% were due to the theft or loss of a computer or drive
The classic hacker move is to steal credit card numbers to sell, and then the person who buys them will use those numbers until they don’t work anymore. Alternatively, criminals can steal the logins and passwords to bank accounts, and then start transferring money out.
Today’s criminals are experts at finding ways to exploit the data that they accumulate, says Ramirez. They put together pieces of information like a puzzle.
“Fraudsters are actively looking at how to gather data from different sources and build more valuable profiles,” Ramirez explains.
Even though people are afraid of identity theft, they unknowingly take risks with some of their most critical pieces of information, Caserta says. Few people think twice about giving a waiter their credit card with a signature and security code.
“Most are perfectly comfortable with that,” he says. “But many fear putting a credit card on a secure, encrypted website.”
Online financial services are one of the most embraced markets by the general public, yet it’s also one of the most risky, Caserta says. “That’s the most sensitive information you can have online. And that’s the one that’s the most popular,” he says.
Caserta, whose company works with a number of financial institutions, points out that the data in bank servers and databases is fairly ironclad. What puts users’ financial information at risk is their choice and management of usernames and passwords.
Black market identity values
A few years ago, Symantec developed an online tool that calculated roughly how much your identity would be worth on the black market. Depending on factors such as age, gender and the extent of your online account data, the answers were typically in the $20 to $30 range.
Haley says a few things have changed since Symantec collected that information, and as a result the value of certain pieces of data can vary according to whom is selling what. “The bad guys have gotten more sophisticated,” he says.
The black market consists of buyers and sellers with varying levels of sophistication. “The price depends on the reputation of the seller and the data’s perceived value,” Haley says.
Haley says low-end hackers tend to be rip-off artists and can be found through Google. Their high-end counterparts gather in exclusive forums, in which you need a recommendation from a member in order to gain access.
They use systems similar to what you might find on eBay, with rankings for the buyers and sellers listed. Prices might depend on how quickly a credit card could be shut down. The card data stolen from Target last year is far less valuable now than it was at the time of the breach. “The value sinks almost daily,” Haley says.
And just like anything else, supply and demand influences cost. If a lot of stolen credit card numbers are flooding the market, the cost of those numbers will be less, Haley says.