In the past, basic steps preventing identity theft and having good security meant shredding documents, occasionally changing your passwords, and not trusting any members of a royal family offering their wealth in a random email.
As we’ve progressed into the digital age, the security threats posed are far more complex and serious. Our lives are based online; our finances, important legal documents and entertainment are often tethered online in one way or another.
With enough personal information and basic technological knowledge, even a thief with limited skill could potentially gain access to some of your most important accounts.
The Dark Web is the criminal underbelly of the Deep Web, where criminals can openly sell access to restricted and illegal products. Weapons, drugs, stolen items, banned material and information are common finds on dark web markets.
The dark web is accessed using Tor (The Onion Router) browser, a secure* and anonymous platform that hides a user through multiple layers of connections.
*It is still advised that you use a VPN while using Tor, as there are ways people constantly seek to breach the security behind Tor.
Information is an incredibly lucrative business for hackers and scammers. As most people have multiple online accounts, if a hacker gains access to one of your accounts it typically leaves your other accounts easier to hack.
For instance, we found examples where individuals with access to nonpublic companies could receive up to $25,000 for leaking sensitive stock data. This is highly illegal, and maximum penalties in the USA include 20 years in prison along with a $5,000,000 fine.
Financial accounts are the endgame for many, as access to bank cards and online wallets such as PayPal can be worth thousands of pounds.
Sites on the dark web such as Financial Oasis and PayPal Cent are major marketplaces for stolen financial information, where people can pick and choose accounts of their liking. Information such as the victim’s origin country, whether they have a card linked to their PayPal and the balance are openly listed.
Here is a list of how much a hacker charges for a victim’s information:
|Amazon Gift Card||$2,000||$700|
|Amazon Gift Card||$500||$175|
|Bank Card||$800 - $1,000||$79|
|Bank Card||$500 - $750||$64|
|Bank Card||$200 - $400||$49|
With basic knowledge of your accounts, it can be much easier for hackers and scammers to steal your identity, but just how much would it cost for them to scam their way into your life?
There are programs openly available that will force entry to multiple social media accounts for as cheap as $12.99.
Using the information they gain from your social media, they can do various things:
Sell the account on or transfer available funds.
Verify themselves as you.
Purchase items using linked cards.
Steal personal information from private messages / hidden information.
$40 - $200
$50 - $200
*Personal Information includes Name, Address, Phone Number, Credit History
Upon inspection of ID vendors, we discovered that people were selling Passports and Drivers Licenses, the combination of accurate personal information and a convincing forgery could spell disaster for a hacking victim, as criminals could impersonate them.
PASSPORT, ID &
Data breaches are a major threat to many, with major apps such as Dubsmash losing 15.5 Million users email addresses and passwords. More sensitive breaches such as MyHeritage could potentially contain vast amounts of personal data, which could assist hackers and scammers in securing access to more accounts.
Below is the cost of access to each of the breached databases, and the amount of records the access will secure you. These breaches can vary from basic information to detailed health and device information.
Please bear in mind that these databases can be leaked once they’ve been released for a certain amount of time, and become readily accessible to many users for free very quickly.
There are some tall tales regarding the dark web that have caused it to be largely misunderstood, leaving people vulnerable to potential dangers, but also misinformed as to lawful and morally justifiable usage. Good examples of the dark web being used in a positive way are journalism and whistleblowing. Journalists are able to securely communicate and collect information without the worry of their identity being exposed.
Many people believe that accessing the dark web is illegal within itself, which is false. The dark web is heavily encrypted and some countries have made high levels of encryption illegal, however, these are countries such as China, Russia, Iraq, Turkey and North Korea.
A vast amount of people believe that accessing the dark web requires high levels of skill, when in reality it is safely accessible to many, providing they follow precautions and keep their wits about them. To read more about safely accessing the dark web, the legality of actions as well as basic and advanced advice, view this dark web guide.
The dark web is often seen as dangerous for good reason, there are people with malicious intent and there are pitfalls everywhere for those who aren’t prepared to a good standard.
Attached is a screenshot that was taken of a site dedicated to openly publishing information on people, including name, address and contact information. They verify the accuracy and even track whether the victim has been “swatted” - a federal crime which recently resulted in the death of a victim.
Financial Oasis One particularly notable find was a site that would provide pre-recycled banknotes. It shows a concerning level of power that some of the vendors have on the dark web.
The Paypal Cent Often the vendors offer an FAQ page that shines a light on how they provide their services or greater detail. This site cites that they’d recently had major trouble with the authorities when it came to emptying accounts on a mass scale - and found it safer to sell the details and earn their income from the proceeds.
Doxbin Homepage The concept of doxing is a particularly scary one. Publishing someone’s entire life online, as much revealing information about their location, contact information and even their family. This site openly encourages that people submit accurate doxes, and even tracks whether people have committed felony crimes to harass them.
FakeID Homepage This site is dedicated to fake identification, including but not limited to passports, ID cards and driver’s licenses. They claim to have real levels of accuracy, being able to incorporate the extra security steps of certain inks and stamps.
The Stock Insiders Above is an anonymous platform where individuals with access to nonpublic companies could receive up to $25,000 for leaking sensitive stock data. This is highly illegal, and maximum penalties in the USA include 20 years in prison along with up to a $5,000,000 fine depending on the severity of the leak.
If you believe your information has been stolen and your accounts have been compromised, here are some steps you can take to recover properly.
Seek to stop thieves access, notify your bank and places where you hold the breached accounts. You may be required to freeze your accounts to prevent further malicious activity.
Find what they managed to obtain from you, it could be sensitive information or financial details/money.
Take steps to see if losses can be claimed back, allow police to conduct an investigation if applicable.
Set new standards for safety such as password management, antivirus, VPN and making personal information less public on social media.
It is advised to secure your accounts with 2 Factor Authentication (2FA), in this case, any attempts made to log in to your account will have to be verified with a randomly generated code or password.More on 2 factor authentication
Using a password manager is an incredibly effective way of avoiding weak links in your online life, services such as LastPass have vaults that automatically generate unique, complex passwords and store them in a secure ‘vault’.More on password managers
It is also incredibly beneficial to use a VPN when connected to the Internet, your traffic is anonymous, secure and you have access to a less restricted platform.More on VPNs
Installing reliable antivirus software can help prevent multiple types of breach including spyware and Trojan horses. Both spyware and Trojan horses are common ways of obtaining login details from devices.More on antivirus software