Skip Tags

Popular Tags

Decorative icon

The Resource Center Online Security Issues & Protection | post

Shadowy Web portals provides a home for identity theft criminals

by Steve Schwartz on

Psst - wanna buy a hot identity? It's relatively easy these days as, more and more, identity theft is being facilitated by an international web-based underground network of buyers and sellers.

ID theft is no longer a mom-and-pop crime. It's become big time with highly organized crime rings now responsible for tens of millions that annually are swindled through the use of stolen personal information. That information is being bought and sold and then sold again in the darkest recesses of the Web.

One example is the Russian Business Network (RBN),  apparently based in St Petersburg, Russia. I say apparently because as VeriSign, one of the world’s largest internet security companies puts it, RBN has no legal identity; it is not registered as a company; its senior figures are anonymous and only known by their nicknames. Its web sites are registered at anonymous addresses with dummy e-mails. It does not advertise for customers. Those who want to use its services contact it via internet messaging services and pay with anonymous electronic cash.

As reported in the Washington Post "groups operating through the company’s computers are thought to be responsible for about half of last year’s incidents of “phishing” - ID theft scams in which cybercrooks use e-mail to lure people into entering personal and financial data at fake commerce and banking sites."

These days, there are a large number of shadowy internet marketplaces – many based abroad and almost out of the reach of U.S. law enforcement – where stolen databases of personal information can be bought and sold. Stolen credit card numbers reportedly are sold for $6 per thousand - yes per thousand. Complete packets of personal information on individuals are readily available containing Social Security numbers, banking information, birth dates, addresses, parents' names and other information that might be necessary to answer the security questions that many commerce sites ask.

The latest wrinkle in the identity theft underworld, according to Reuters, the international news service, is the ability to buy bundles of bogus Instagram or Facebook "likes" which would allow a buyer to theoretically generate positive buzz for a company or individual.

"These fake “likes” are sold in batches of 1,000 on Internet hacker forums," said the Reuters report, "where cyber criminals also flog credit card numbers and other information stolen from PCs. According to RSA (the security division of EMC Corp), 1,000 Instagram “followers” can be bought for $15 and 1,000 Instagram “likes” go for $30, whereas 1,000 credit card numbers costs as little as $6."

This is of more than academic interest to you and me. This thriving underground marketplace for stolen personal data shows there is a market for our personal information, yours and mine. It means that identity theft is very real, and more and more it is touching us all. It means we need to guard our personal data; we need to be aware who has our data and how they are safeguarding it, and we need to have a plan in place as to how we will respond if we find our data has been compromised.