They say everything can be bought online, and that includes your identity. Exactly how much is your personal information worth on the online black market? The answer might shock you.
With organized crime in cyberspace becoming an increasingly widespread problem, surfing the web has become a risky business–and a lucrative one for online crooks.
“In 2004, the online connected population was just under 680 million people with 3 million unique infected files,” Rik Ferguson, Trend Micro’s security adviser, told ITWEb. “It was only 18 months after that when we noticed a real change in criminal activity. Fast-forward to today, and the number of connected users has tripled to 1.7 billion people and malware has exponentially increased to 30 million.”
Ferguson said the underground economy is booming because more people are connected to the Internet, and this increased number of inexperienced users is not aware of scams involving fake anti-viruses, botnets and phishing techniques used to steal information for financial gain.
According to a Symantec, the cyber-crime black market houses active communities of criminals who use the Internet Relay Chat network for communication to wheel and deal. Inside these communities, fraudsters share tips, sell their services and exchange information. Novice hackers can use these forums to receive detailed instructions on how to commit online fraud, perpetuating the selling of information and illegal business that continues.
Personal identification can be sold on the black market for less than $10, according to Ferguson, and the cheapest credit cards on sale go for $3 because they are easy to steal. Buying in bulk also brings the cost down, he added.
A report by the Bureau of Justice Statistics estimated that nearly 12 million people, about 5 percent of Americans, were victims of identity theft in a recent two-year period. But despite the larger number of incidents, consumers have begun to take note of the dangers on the web. According to a survey conducted by the National Cyber Security Alliance, 64 percent of respondents said they avoided making an online purchase because of security concerns. Sixty percent said this was because they were unsure whether the specific website was secure, and more than half expressed worry about providing information requested. Almost half said they felt a website requested more information than was necessary for the transaction.
Vincent Mihalik, vice president of Cyber Security Solutions for Wyle Information Systems, said that for many Internet users, keystroke logging and fabricated websites remain the most concerning tactics that await to steal their personal information.
“The primary target of these malicious activities is system access and log-on credentials,” he said. “The sophistication of these collection methods makes it very difficult for end-users to notice their identities have been targeted for a cyber attack. “
“Ever increasingly, I’ve found viruses that will sit dormant, sniffing for sensitive information such as usernames and passwords, account numbers, credit cards as well as social security numbers and tax information,” he said. “This information is siphoned off in to online crime groups who sell it to the highest bidder, use it to commit identity theft and steal money or get loans, break in to accounts to steal more information to increase the ‘value’ of the crime.”
Another easy avenue for cyber crime is smartphones. According to the NSCA survey, 8 percent of respondents said they make online bill payments from their cellphones, making compromised mobile devices a very real threat due to lagging security measures and the spread of mobile malware.
“Smartphones have become pivotal within information warfare, because many people do not realize how insecure the platforms can be, and how much information is exchanged through them,” Chamandy said. “A typical smartphone is used for email, telephony and even sensitive banking transactions, but at the same time, a user may be installing insecure or even malware-laced third-party applications that can turn their smartphone device into an information collection resource.”
Luckily, there are several ways to protect personal information. For instance, Andrew Weidenhamer, audit and compliance manger for SecureState, said his company performs privacy assessment for organizations to ensure they are complying with various privacy laws and regulations. As a result, SecureState customers’ private information is better protected, he said.
However, he said, everyone is at risk of getting their identity stolen as their personal information is everywhere and companies are not doing enough to protect it.
Awareness of the risks, is of course, another key element in staying safe, Mihalik noted.
“It is no exaggeration that people will voluntarily give you what you ask them for whether in person, on the phone or over the Internet,” he said. “Because of this reality, education remains an effective computer network defense strategy.”
Contributed reporting by Camille Tuutti.