The deep web is a vast realm of miscellaneous information and dead websites that makes up the majority of the internet. However, it also consists of an anonymous space in which criminal activities like drug dealing, arms trading, and bidding on your sensitive and private information occur daily. With most companies implementing work from home orders in the wake of COVID-19 restrictions, the risk of data breaches and stolen records has increased dramatically. Research has shown that 37% of employees working from home have faced an increase in potential phishing attack risks, due to the increased reliance on remote communication in companies.
In 2019, 25 million records were lost to the Dark Web including individual, medical and corporate records subjected to the increasing reach of data breaches.
However, that’s nothing compared to the staggering 386 million stolen records that have been given to the Dark Web in 2020 already.
The numbers of stolen records have increased tremendously by each year and the dark web only flourished during the pandemic. The usage of the internet and online shopping that requires personal information increased substantially with the prolonged stay at home order.
Your True Worth On The Dark Web…
The affordability of your information is unsettling. Experian conducted an investigative report on the availability of private information on the dark web and found some disturbing results.
If your information ends up on the dark web, someone can purchase;
your SSN for as little as $1,
your driver’s license for $20,
and only need to spend $30 for “fullz info,” a complete breakdown of your personal information from birthdate to account numbers.
More difficult data to acquire or replicate, such as diplomas and passports, can cost anywhere from $100 to $400 and $1,000 to $2,000, respectively.
PayPal accounts are among the most commonly listed items on the Dark Web, as well as the credentials for a bank account with a minimum balance of $2,000 USD for a small fee of $65 USD. While most of the personal information on the dark web was acquired from large scale data breaches of large corporations throughout the years; it takes little to no effort for someone to acquire enough of your private information to access bank records, health records and much more. The web accessed by search engines, also known as the “clear web”, is said to be only a fraction of the size of the deep web that is accessed through paywalls and sign in credentials.
Exposed on the Dark Web
Dan Patterson, a blogger for CNET, underwent his own dark web investigation with a colleague and discovered trouble. His colleague’s information was part of a “fullz” dump: everything from their SSN to their address, along with the info of thousands of others, was available for the low, low price of $69. Patterson’s exposure was worse; his name, email and other information associated with his current phone number was readily available to anyone who wanted to use it. Keep in mind, neither Patterson nor his colleague had any inkling that their information was on the dark web until they went looking for it.
Some are luckier than Patterson and receive an update from their financial institutions when their information is detected on the dark web. Angela Colley, a blogger for the website Make Change, received a warning from her bank about a data breach and assumed it was all a scam. Upon further investigation, she found not only was her bank serious about the compromised nature of her personal information, but she also found that her information was present on nine different dark web searches.
Among phishing and stolen information, there are trends seen with industries most taken advantage of. Verizon broke up the most phished industries by the size of the companies. Healthcare and Pharmaceuticals were more likely to be attacked in the industry of companies with under 250 employees, while Technology companies were most likely to be attacked in the industry with over 1,000 employees.
The Opposite of a Friendly Invitation
Evite, the popular social planning service, was, like many companies in 2019, the victim of a massive data breach. A particularly prolific hacker, who goes by the name of Gnosticplayers, stole more than 10 million Evite users’ records, ranging from IP addresses to passwords.
Gnosticplayers is estimated to have stolen over 840 million records in their notorious career and sold millions of records at a time for thousands of dollars.
These are catastrophic numbers for companies. To provide perspective on the numbers at work, Gnosticplayers asked for $1,900 in Bitcoin for the 10 million Evite records, but the average cost for a company to remediate a data breach is anywhere between $1.25 million and $8.19 million, at an average rate of $150 per record. In 2017, Equifax experienced the largest data breach in US history, one that put upward of 145 million people at risk, and paid a settlement of $425 million to the Federal Trade Commission.
According to the Verizon 2020 Data Breach Investigation Report, the most common types of data stolen are credentials, personal data, internal data, medical data, and bank information.
Money, Drugs, & a Life-Sentence
The dark web is becoming a significant influence in the greater marketplace. The revenue that Gnosticplayers generates pales in comparison to the amount made by someone selling narcotics on the dark web. In 2013, Ross Ulbricht, creator of the drug marketplace known as the Silk Road, was sentenced to life in prison for drug trafficking and possession of $3.6 million in illegally-acquired Bitcoin. While in operation, the Silk Road generated $1.2 billion in narcotics sales, selling everything from marijuana to synthetic opioids. With money moving in these quantities, it’s impossible to ignore the growing prevalence of the dark web.
The problem is too big to ignore.
These horror stories aren’t something out of CSI: Miami. They are real events that take place right now under our noses. The dark web is truly the wild, wild west of the digital era.
The Rising Tide Between COVID-19 & Scams
During the peak of quarantine and COVID-19 cases, there was also a rise in scams and hacking. During the work from home order, most schools and companies were interacting daily through the video communication software called Zoom.This led to an influx of hacking into private and protected Zoom meetings, which resulted in the new term of “Zoombombing”.
Multiple students at colleges have experienced “Zoombombers” hacking into her class on multiple occasions. The most concerning hack occurred when a man showed up in the Zoom class wearing a Gas Mask, with the first, middle, and last name of a student that had already been counted as absent that day.
On the surface these “Zoombombings” may seem essentially harmless, however it is important to understand that the information to hack into a secured Zoom meeting was purchased, meaning that this college student unknowingly had sensitive information for sale on the Dark Web.
In addition to Zoom threats, Truecaller Insights has reported that 22% of US citizens fell victim to phone scams in 2020.
Scammers have increased the tactics they use stemming from the hysteria of the pandemic by focusing on contacting innocent citizens about COVID-19 tests and stimulus checks to lure private information out of them. These individuals often prey on the elderly making false claims about credit card fraud, selling fictitious products and more creative claims to entice sensitive information such as credit and social security card numbers to sell on the Dark Web. Due to the immense amount of data that is available on the internet, hackers are able to make a believable claim and be seen as a trustworthy person after repeating personal information. For example, many scammers will say to elderly individuals that their grandchildren are in trouble and need help.
Various Dark Web marketplaces took advantage of the fear during the beginning of the COVID-19 outbreak. Due to the global shortage of medical equipment like masks and gloves, the dark web was able to prey on this fear and scam people into buying face masks on the dark web. A horrifying reality that was brought to light due to the authorities in Thailand breaking up an operation of a vendor washing, ironing and reselling used masks to underground markets.
With the upcoming Presidential election, data breaches are to be expected after the information that was revealed about the foreign involvement in the 2016 election. On October 18, 2020, a data breach occurred with over 200 central computers for Chenanago County, NY. These computers contained sensitive information from voters that had been requesting absentee ballots over email, and the hacker was demanding a ransom of $450 per computer.
It is easy to become overwhelmed with the amount of personal data that is easily stolen and accessible on the Dark Web, however it is important to remember and implement safety measures into everyday technology use. A few of the easiest and quickest tips to start with are frequent password changes, monitor your credentials and sensitive accounts, have a plan set in place in the event that your personal data is compromised, and run a dark web scan. Use the internet with caution and do your due diligence on where you are presenting your data online.