BETTER BUSINESS BUREAU
Fort Wayne – August 1, 2018 – A recent FTC publication reads like a spy novel. It describes how information stolen in a data breach often ends up on the “dark web.”
A report by the Congressional Research Service describes the different layers of the Internet. Most people only access information in the “surface web” that’s indexed by traditional search engines like Google. Beneath it is the “deep web,” which is content that isn’t indexed for a variety of technical reasons. In the furthest corners of the Deep Web lies the “dark web” where content is intentionally concealed.
Accessing the dark web requires special software and authorization. Some uses are legitimate. The government, law enforcement, journalists, and other entities leverage its anonymity to gather intelligence, maintain privacy in communicating with sources, and protect projects from corporate spies.
However, the dark web also includes “darknet markets” that sell or broker drugs, weapons, counterfeit currency, stolen credit cards, forged documents, unlicensed pharmaceuticals and other illicit goods. A notorious example was the Silk Road website, which was used to sell illegal drugs, malicious software, fake passports and stolen Social Security numbers.
The Identity Theft Resource Center tracked 1,579 data breaches in 2017, a 45 percent increase over 2016. Customer, employee, and other data stolen from businesses and other organizations could end up for sale on the dark web. Identity thieves can place custom orders for the data they want to buy, such as the kind of credit card and geographical information like the zip code. Stolen card information can range from $15 to $50 per card, with platinum and newer cards fetching higher prices.
Cybercriminals can even buy the malware they use to infiltrate databases on the dark web. The form of malware used in the huge Target data breach in 2013 can be purchased there. Within weeks, the Target data was being sold in batches of one million cards.
The services of “account checkers” can also be bought on the dark web. Crooks steal user names and passwords from a non-financial website and then employ account checkers to use that information and brute force technology to gain access to sites that will yield a financial gain. They exploit the tendency of people to use the same user names and passwords across multiple applications.
The FTC says data breaches at companies with millions of customers get the most publicity, but information from breaches that aren’t reported in the media is up to 20 times more likely to end up on the dark web. That includes information from small businesses, restaurant chains, medical practices and school districts. Most breaches the U.S. Secret Service investigates occur at small businesses.
The ultimate victim is the customer or employee whose personal or financial information has been bought on the dark web and used to commit identity theft. People have had their licenses revoked, been arrested, or even had their health jeopardized when criminals used their data to get medical care that becomes part of the victim’s medical records.
The BBB and FTC encourage businesses to use resources provided on our websites to reduce the risk that information they collect ends up on the dark web.
Click HERE for more information on our member Better Business Bureau serving Northern Indiana