As a society, we’ve never been so interconnected before. The internet provides a useful tool for communication and has made our lives easier in many respects. Now you practically run all your affairs online – from banking to running a business. We share everything online.
The downside of this connectivity and sharing is that it leaves you more vulnerable to attacks from cybercriminals. Just consider for a minute how much of your personal information is stored online. Big companies harvest data about our activities online, we share personal details on social media, and we conduct financial transactions online.
There are many more examples that we could site. All this online activity leaves a very clear data trail that hackers can exploit. And it’s not just our banking details that they’re after – information online is a commodity for the experienced cybercriminal.
In this post, we’re going to take a slightly different tack. We’re not going to go create a piece about how to defend yourself against cybercrime. There is an abundance of information about it online. It’s also a topic that anyone who has had security awareness training will know a lot about.
Instead, we’re going to focus on the information that cybercriminals look for and what they do with it.
How a Hacker Might Sell Your Information
There are a few ways for the hacker to make money. But the first thing that they’ll do is to create an inventory of their “merchandise.” Names and addresses without passwords are valuable but not as valuable as credit card details.
- The hacker will sort the simple names and addresses and create a package with those. There are no passwords in this round.
- They’ll then look to the username and passwords that they’ve uncovered. They’ll sort these out according to importance. A password for a large corporate or a government department is a lot more valuable. These may also be packaged together or the hacker might use them himself.
- Finally, the hacker will look for financial information, like credit card details. The hacker may use these themselves, but it’s usually just easier to batch them up and sell them on.
Once they’ve sorted the data to their satisfaction, they’ll usually list it on the dark web on a site such as Dream Market. They can opt to sell batches of information or to sell one set of information at a time.
Generally speaking, it’s easier to sell off a batch of data. Unless a hacker has a password that is very sought after, like a government defense agency password, it’s usually simpler to stick to batch sales.
According to TechCrunch, an unknown hacker listed a treasure trove of data on Dream Market at the beginning of 2019. This consisted of around 841 million records snatched from 32 companies.
He batched the information into three parts. These could be bought for between $9 350 and $20 000. Buyers had to pay via Bitcoin.
The Dark Web is not the only place where criminals can sell data. Paige Thompson, the person behind the Capital One attack, had the files stored on GitHub. They might also use team management sites like Slack to post information that they want to sell.
Wherever they’re selling the data, the point is that it’s out there. The newer the data, the more valuable it is. And, just like a real business, the hacker will run sales from time to time as well .
How Do They Get the Information?
Launch a Phishing Attack
This is where they recreate a secure site that you use to the smallest detail. They’ll send you an email that makes you want to check the account immediately. They might tell you your accounts have been hacked, or that you’ve got to claim a refund. You’ll click through to the dummy site and input your username and password and they’ll record that.
Infect Your Computer With Malware
Malware doesn’t just target the information on your computer. Keylogging programs can track what you type. So, when you enter your username and password on a site, they send that information to the hacker.
Use Social Engineering
In this instance, they’ll make contact with you personally. They’ll try to make friends and get you to trust them. Then they’ll work on getting you to give out your personal information.
Hack a Less Secure Site
77% of Americans use the same password on various sites. Hackers take advantage of this by hacking a site that’s less secure. They then create a bot to test the usernames and passwords at a site that has your valuable financial information.
Financial information is a popular choice for hackers. In the United States in 2018, the banking sector was the hardest hit. This sector lost $18.37 million in 2018.
They’ll use your banking username and password to transfer money from your account. They might use your credit card details to buy gift vouchers and the like online. They might even file a false tax return on your behalf and steal your refund.
Or, if they’re not interested in that, they’ll package up all the information and sell it.
This includes things like your full names, government identity number, address, and so on. These details can be used for:
- Identity theft: They can apply for credit in your name, use the details to create fake documents for illegal aliens, or use your name during encounters with the police.
- Set up fake profiles to use for social engineering: If they do get caught, they’re harder to track down. You may even have to prove that it wasn’t you that set up the scam.
Wrapping it Up
Data online is like gold. There’s always someone who is interested in it. That’s why we as a society have to start being a lot more careful about what we put out there.
About the Author: Chris Usatenko
Chris is a growth marketing and cybersecurity expert writer. He’s passionate about cybersecurity and has published hundreds of articles in this area. He’s particularly interested in big data breaches and big data companies. He’s proud of his contribution to high-levels sites such as “Cyber Defense Magazine,” “Social Media News,” and “MTA.” He’s also contributed to several cybersecurity magazines. He enjoys freelancing and helping others learn more about protecting themselves online. He’s always curious and interested in learning about the latest developments in the field. Follow him @CUsatenko