Dark Web Monitoring Part 3
The Dark Web - A Gateway to Criminal Activity
Over the last few months, we've taken a deep dive into the dangers of the Dark Web. We continue our series this month by shedding light on how transactions happen on the Dark Web and the criminal enterprise in this mysterious, hidden place. Why is this important? The more you understand how the criminal activity works, the better prepared you will be to protect yourself and your family from this growing threat.
It's accessible across the globe
While the Dark Web is intentionally cloaked in anonymity, making it mysterious to the outside observer, it operates much like the Surface Web, where we interact every day. However, the web browsers you are accustomed to, such as Chrome, Firefox, Internet Explorer and Safari, will not access a search result from this side of the web. Dark Web sites are found through a single unique browser that is used worldwide, known as Tor.
Not every person who uses Tor to access the Dark Web is a criminal. The anonymity provided by the Dark Web is also useful worldwide for law enforcement to obtain key pieces of data from informants, security professionals who need to stay abreast of criminal tactics, and journalists in countries that are hostile to free speech to communicate free of the fear of retribution. Tor was originally created for this latter purpose as an anonymous communications channel for free speech. It works by routing your request for a web page through a series of proxy servers operated by thousands of volunteers around the globe, masking the source of your internet request, making it unidentifiable and untraceable. It can be slow and unreliable, but this method achieves the goal of anonymous web browsing.
Unfortunately, the Dark Web has been infiltrated over the years by those intent on committing fraud and scams for financial gain, so cyber thieves and other criminals now conduct most activity on the Dark Web. Today, exploring the Dark Web is like walking alone at night, through a dark alley, in an unfamiliar city without a map. DON'T try this yourself. Leave this work to professional cyber-investigators.
It's a place to sell stolen data to other criminals
The basic principle of supply and demand applies to criminals on the Dark Web, just like it applies to merchants in your local town. For criminal Dark Web merchants, the "supply" is personal information, such as names and addresses in combination with social security numbers, account numbers, driver's license numbers, email addresses, usernames, passwords, and other personal information. This supply of stolen personal information largely comes from data breaches, such as the ones you have heard of like Marriott, Target, LinkedIn, and Equifax. These data breaches typically occur from a cyber-attack on the company's systems or an internal employee who steals data.
Criminals offer to sell the stolen data to Dark Web merchants in pre-packaged bundles designated by the theft date, which is referred to in this black-market trade as the "freshness date." In the criminal lingo, these bundles are called "dumps". Criminals will even sell stolen credit card data sorted by bank identification number or "BIN", which identifies which bank issued the cards.
It's an online storefront for buyers
The "demand" on the Dark Web comes from another type of criminal that buys stolen data from Dark Web merchants to commit fraudulent financial transactions or other forms of identity theft. These online storefronts are very similar to any other e-retailer with a menu of goods for sale, a shopping cart, satisfaction ratings, and discussion forums.
Most of these storefronts are operated in foreign countries, outside of U.S. law enforcement's reach, and have creative names and graphics to appeal to U.S buyers. One such example is "McDumpals" which features a Ronald McDonald-like character under golden arches, "Mr. BIN" which features a cartoon character that looks like the popular lead actor in the movie "Mr. Bean", or "Uncle Sam's Dumps wants YOU!" with the familiar Uncle Sam face, complete with a stovepipe hat in red, white and blue, beckoning criminals to "Buy American". Some even offer Black Friday sales, BOGO offers (buy one, get one), and money-back guarantees.
The criminal who shops on the Dark Web can browse the "product" selection and buy stolen credit card information based on the zip code of the rightful owner or by the BIN of the bank who issued the card. The criminal can limit his fraudulent purchases to a local zip code so it does not arouse suspicion. Or the criminal can buy and use stolen cards issued by a bank that does not have a habit of replacing cards after a large data breach.
The cost of stolen data is surprisingly low, and the pricing can vary each day, just like the stock market. Several "Dark Web Price Index" websites track changing costs for stolen data on the Dark Web. For example, a stolen Social Security number can cost as little as $1.00, and a full range of forged personal documents that can be used to commit impersonation and fraud can sell for only $1,500.
It's a place you don't want to be!
As we mentioned above, we strongly suggest that you don't try to visit the Dark Web on your own unless you are a cyber-investigator or law enforcement professional. While browsing may be anonymous, when you click on a site operated by thieves, it may be set up to track your steps back to your internet address. Also, law enforcement has had some success in hindering Dark Web thieves by laying traps for would-be buyers, which has led to arrests. We are working hard to keep you and your identity safe. Realizing that your internet browsing habits may have consequences is the first step to internet safety.
But what happens if your identity information ends up on the Dark Web through no fault of your own? That's where we come in.
As part of our Preferred Checking group, you have access to Dark Web Monitoring that will alert you if your personal information is found on suspicious sites, forums, blogs and more in the Dark Web. Also, you have access to a professional Identity Recovery Advocate who can help you understand what the alert means to you, provide recommendations to mitigate the risk, and help you overcome any type of identity theft should it occur, regardless of the cause.
We are standing ready to help you protect your identity with the same care that we take every day to meet your banking needs.