k_Street Consulting, LLC Blog
What’s Your Personal Information Worth on the Black Market? It’s All About Supply and Demand
If your company’s sensitive data was to be put up for sale, how much do you think it would go for? Chances are, you may be guessing a little high, which makes things worse for businesses in such a situation. Assuming that your data will be sold for a premium price will likely lead you to believe that fewer criminals will access it than actually will.
How to Sell Stolen Data
Since selling stolen data is illegal, the favored place to put it up for sale is the dark web. This is because the dark web can only be accessed through special software that hides the user’s identity, and requires all transactions to be made in Bitcoin. This way, illegal items can be sold like any item on a typical merchant website would, including ratings provided by previous buyers.
These illegal items that are put up for sale are usually the kinds of things that criminals would find useful. This includes cyber criminals, who will exchange cryptocurrency for stolen data. For example, let’s say for a moment that your company had fallen victim to a cybercriminal who had managed to steal corporate bank account credentials and credit card info from a variety of businesses.
This cybercriminal could set up a seller’s page where potential buyers could place an order for data, charging these buyers based on what specific information they wanted.
For instance, the buyer could be interested in cards provided by Discover, and specify that in their order. What’s more, they could specify whether or not they wanted the security codes (the login credentials that the card was associated with), the date the card expires, where the card has been used, the name the card is under and that person’s date of birth, credit score, and even their mother’s maiden name. These variables influence the cost, as once the transaction is complete, the data is ready to be downloaded.
How Much Data Costs
Even illegal markets are subject to the laws of economics. For instance, the concept of scarcity dictates that the less of a good that is available, the higher its value, and vice versa. This is true even of stolen data--and because the market for stolen data changes pretty quickly, these prices are apt to change very quickly as well.
However, that does not mean that it is impossible to get a feel for the what is generally charged for stolen data. For instance, purchasing the comprehensive data for a stolen credit card (described as “fullz” in dark web slang) will set someone back by some amount between $13 and $21.
Depending on the data up for sale, pricing can vary as well. Financial accounts are priced based on their contents--an account holding $2,000 might cost a cybercriminal $100, and an account that holds $15,000 might cost the buyer $1,000. Recent events have caused a drop in the prices of compromised electronic medical records, so what would once cost about $350 now costs around $100.
Why It Matters
Consider, once again, the cost of stolen credit card credentials. If all a criminal needs is $13 to purchase stolen credit card data, it stands to reason that more credit cards will be sold, feeding back into the demand to steal more credit card data. These credentials have to come from somewhere, after all, so many cybercriminals will look to replenish their stock of credit card data; often targeting businesses. How well protected is yours?
Remember, most cybercriminals are looking for the easy target to steal data from. k_Street Consulting, LLC can help keep you from being the easy target. Give us a call at (202) 640-2737 to keep your data safe.
Comments