12 Mar The Web’s Many Shades and Your Worth
After finishing a Rails project last week where we built out a facial recognition web app, one particular discussion I had with an instructor about web security stuck with me. We discussed the possibility of user data being stolen while the application sent out its API call to the external AI engine, and how important it was to make sure that there weren’t any areas open for people to come in and change data routing. That conversation sparked my interest to look a bit further into stolen data, and what better place to start my search than with all the marvels found within the dark web.
Shades of Web
Before we dive into all that stolen data let’s get a grasp of what the internet has to offer. As most people already know, the web we see and use every day isn’t everything available on the net. Although there are trillions of web pages indexed with more being added daily, the majority of the internet is still not accessible by traditional search engines.
Hitting The Surface
Standard search engines like Google, Bing and Yahoo only index certain parts of the internet known as the “visible web” or “surface web.” Google alone has stated in its Google Search documentation that it has indexed over 30 trillion websites, hitting websites over 150 billion times a month. That is still a very small percentage of the entire internet, with estimates stating that the “surface web” accounts for only 4% of the internet.
Diving A Little Deeper
Once you go a bit further you’ll find yourself inside the “deep web,” which holds sites that require some form of authentication, such as banking sites, subscription services, government sites, company internal networks, data-manipulation sites and other similar sites.
Finally we get to the “dark web.” “The dark web” lives on an overlay of networks that use the Internet but require specific software, configurations or authorization to access including Tor, Tails OS, I2P, Freenet, and Subgraph OS. The “dark web” is considered a small part of the larger deep web.
Going Dark with Tor
The last step we have to take before we get to all that stolen data is to get some software that allows us to access the “dark web.” Tor is software that protects its users by bouncing their communications around a distributed network of relays run by volunteers all around the world. It attempts to prevent someone from watching your internet connection and learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites that are traditionally blocked from web browsers like Google, Bing and Yahoo.
Time To Hide Under Your Bed
People are actively buying and selling your stolen personal data on dark markets like Dream, Point and Wall Street Market. When I looked further into what kinds of data people were actually buying, I found everything from PayPal and Netflix accounts to Chase bank accounts and even Tinder profiles for sale.
You’re Worth About $1200
From February 5th of 2018 to February 11th of 2018 a security team from top10vpn.com reviewed all the fraud-related listings they could find on the three largest dark web markets, Dream, Point and Wall Street Market. The data they gathered was truly amazing and showed how someone could essentially purchase someone’s entire identity for as little as $1200, which includes your bank account logins, passport details and even access to your Netflix account. You can look at all their raw data here.
Everything Has A Price
The study found that PayPal accounts ranked among the most wanted items, in turn getting the highest selling prices, roughly $247 on average. On the other end of the scale, accounts like GrubHub/Seamless, Walmart, and even Amazon go for as little as $10. Want a Sprint Wireless account? Just $7. Or how about a Costco account? Just $3.
The group created the below market index to help the public understand just how much their personal data is worth.
Simon Migliano, head of research at Top10VPN.com says:
It might come as some surprise that on the dark web your entire personal identity can be bought for significantly less than the price of a new iPhone X.
There’s a real concern that with such valuable information changing hands so cheaply, there’s nothing to prevent would-be fraudsters from buying up as much as they can in the hope of striking it lucky and draining victims’ bank accounts and credit lines.
What’s interesting though is that everything seems to have a price on the dark web. This is because it’s not just hacked Paypal accounts and credit cards that represent opportunities for fraud. Many other online accounts contain enough personal info to enable identity theft. It’s also increasingly normal to store payment details in online shopping accounts.
Are You Scared Yet?
When you stop and think about the number of accounts you have that all come together to create your online identity, all of which can be hacked and sold, the study becomes terrifying. The three most popular dark web markets, Dream, Point and Wall Street Market, which can only be accessed through software suites like Tor, allow individuals to anonymously sell stolen personal info, along with all sorts of other contraband, such as drugs and weapons.
So What Can You Do? Spoiler Alert, Not Much…
At the end of the day hackers will sell anything they can to make some money, so the best you can do is keep track of your accounts, because if you don’t, someone else will. Be proactive: change your passwords frequently and try not to use the same password across sites. Try a password manager like 1Password, Dashlane or LastPass; for the most part those suites will annoy you frequently enough with alerts that you’ll give in and eventually change all your passwords to unique strings. Try to use their password generators to come up with difficult random passwords, and I believe that at least some of those password suites will remind you when it’s time to change those passwords up after some set time. With that said, if someone really wants to steal your data, I’m sure there will be someone out there that can get it, so keep your eyes open. And don’t forget to come out from under your bed every once in a while, because you know the internet still has cat memes and unicorns.
Also published on Medium.