The dark web has been a passage for most stolen data that’s sold for illegal activities and anonymity purposes.
It came into the limelight back when Silk Road was discovered and operated mainly in the hidden networks, around five years ago.
Hackers from all over the world have identified a loophole where they dupe large companies after they compromise their stored database to extort substantial money from them.
Identities like names, social security numbers, driving license details, credit card information and other personal data have been compromised with the owners oblivious.
People from all over the world can access the dark web with a click of a button if accessed with the right software.
This makes the sale of identities a chain of a sophisticated and somewhat encrypted path that requires a better form of law enforcement command to counter the illegal activity.
A lot of cases revolve around money laundering, which is the leading crime overlapping the trade of stolen information in the dark web.
Carding, which is vast in general, has significantly contributed to the current rise in credit card theft. Hackers use them in cashing out and probably theft as seen with PayPal, which has been the most affected amongst all modes of cash transfer.
The Purchasing Process
Vendors are working around the clock to sell their commodities through dark web-based markets. According to studies measuring the value of data in darknet markets, a vendor with an extensive database of credit card details can sell one card for about $20 to $40.
Putting in mind the process of identity purchasing in the dark web, it varies with the purpose of the purchase.
For one to get a clear picture of the business, let’s go through the process which is common in most markets, including forums.
The whole process begins with a need for a stolen identity by a person who wants to use it for illegal purposes. Once a need is identified, maybe regarding a credit card or any other, the next process is to search for the best platform to get a vendor with the best deal.
Registration is usually required in most markets where pseudonyms are preferred for security purposes.
Since almost all the vendors transact using cryptocurrencies like Bitcoin and Monero, it is therefore required one to buy them—usually from a site like LocalBitcoins.com or any other trusted exchange market.
Most dark web marketplaces, like Wall Street Market, have some features to protect both the buyer and the seller from being scammed and losing their money.
According to my research, Dream Market—being one of the largest markets—offers a wide range of personal identities from fake national identity cards, passports and much more.
What the vendors require for one to acquire a fake passport are the personal details that the client wants to be included.
This could be the name, photo and other identifying information that will be included in the final copy.
Arrangements are made to ship the finished product to the specification that is convenient for the customer.
After everything is done the right way, the customer is obligated to counter check if the delivered product is in the correct order before finalizing and releasing the funds from escrow.
On the other hand, while purchasing digital goods like credit cards details, including CVV, Fullz and accounts logins, a different process is undertaken all through.
When buying such commodities from darknet markets, a customer loads the cryptocurrency balance that’s enough to buy the required item. Since no physical shipping is needed but rather an encrypted text containing the details, the process takes less time to complete.
Once everything is delivered as requested, the fate of the compromised owner’s details lies with the new holder. Most of the time, they are used to commit cybercrime by concealing the real identity of the criminal.
There are a lot of dark web platforms where criminals discuss how to take their illegal acts to the next level. Most of these are hidden in the corners of the dark web, where they are Tor-protected.
The Fate and Consequences
Cybercriminals have identified a loophole where they are using stolen identities in their illegal activities. In the last decade, criminals have migrated from street runs to one behind a computer where mostly fraud and money laundering has been the order of the day.
According to a report by Cifas, 2017 recorded the highest number of identity fraud in their database of about 174,523 cases in United Kingdom.
This being just a small representation of their study shows the extent to which criminals are pushing the game to the limit.
The United States has also been dramatically affected by the identity theft where there were about 371,000 reported cases in 2017, although a drop from the previous year of around 399,200 reported cases.
As seen with most card holders and real owners of identities, a large percentage do not get to know in the initial stages whether their details are being fraudulently used. This has given criminals a better ground to propagate and buy time to finish up their illegal activities without a glitch.
A lot of online banking systems require phone code verification, which is part of two-factor authentication. This is the sole reason that many criminals are looking for a way to tap into the system and probably cash out the money from the accounts silently.
The purchasing of identities similar to those of the account holders has been on the rise as seen with PayPal theft, which has dominated fraud activities in the last decade.
In countries with high online fraud rates, PayPal has experienced so many problems that it had to close most of its services in fear of continuous fraud cases in those areas.
Other criminals have devised methods to utilize stolen identities, where cases of criminals applying for loans in the U.S. with other people’s identity is on the rise.
According to a 2017 report by Javelin, online fraud has been on the rise with the criminals able to steal about $16 billion last year. Their report also shows that there have been 16 million victims of identity fraud in 2017.
Based on the research made by Javelin, they came up with some security measures to combat identity theft which is a real menace to the current society.
The dark web, which has been the primary place where stolen identities are sold, is significantly being fought in all angles by law enforcement.
The first thing that all consumers should consider is to turn on the two-factor authentication capability wherever possible.
This is a security measure that will ensure in any instance fraudsters try to access their accounts, they get blocked by the system.
Another important recommendation to the consumers by the security experts is to secure their devices.
Since criminals have understood that a lot of transactions and security details are stored in electronic devices like mobile phones, they are going for them.
Securing them using screen locks, encrypting stored data and avoiding using public Wi-Fi, plus other measures, will be of great help to consumers.
The other important feature that consumers need to put into consideration is to place a security freeze on their accounts the minute they notice any suspicious activity.
To protect consumers from online theft, financial advisors are advocating for every credit card holder to limit their online transactions. In addition to that, they should systems like Verified by Visa or MasterCard’s Secure Code.
These best-practices and many others will significantly reduce identity theft and fraud cases, but unless everyone remains vigilant, hackers and fraudsters will continue with their illegal acts.
As the law enforcement agencies continue to fight dark web criminals, more cases of identity theft will continue under the hidden networks.