- What is the TikTok drink and can you still get it? Thursday 9:27 PM
- “Party, Party, Party” TikTok meme grapples with party culture Thursday 8:43 PM
- Baby Yoda was just added to Sims 4 Thursday 7:54 PM
- Religious conservatives petition Netflix to pull ‘gay Jesus’ Christmas comedy Thursday 7:19 PM
- Kylie Jenner criticized for yet another expensive car post Thursday 5:57 PM
- Apex Legends became a major Pornhub search in 2019 Thursday 5:15 PM
- CBS accidentally interviewed InfoWars host as regular Trump supporter Thursday 4:31 PM
- TLC accused of fatphobia, fetishization with show about ‘mixed-weight’ couples Thursday 3:41 PM
- Betting odds show KSI could fight FaZe Sensei, Jake Paul, or Justin Bieber next Thursday 3:20 PM
- Nick Cannon releases another thirsty Eminem diss track Thursday 2:59 PM
- Dogs at polling stations are helping bark out the vote in the U.K. Thursday 1:00 PM
- Streamers dominated Pornhub searches in 2019 Thursday 12:59 PM
- Pro and anti-boot factions emerge in wake of ‘Wonder Woman 1984’ trailer Thursday 12:31 PM
- The ‘Rise of Skywalker’ press tour has turned into a rehash of ‘The Last Jedi’ Thursday 12:18 PM
- What’s in a TikTok username? Thursday 12:00 PM
When everyone wants to steal your identity, you’re practically worthless
One aisle of the Web’s black market is becoming awfully crowded.
It’s never been easier to swipe a credit card number or remotely access a computer, which you’d think was good news for hackers who make a living on pilfered data. But as cybercrime comes into its own as a commodity—technical novices can now outsource anything from a DDoS attack to a doxing—competition has increased, and prices have dropped.
Joe Stewart, Dell SecureWorks’ director of malware research for the counter threat unit, partnered with independent researcher David Shear to analyze trends in the shadowy market for such services and found that they’re getting more affordable. A stolen personal identity costs 37 percent less than it did in 2011, when they last gauged pricing: $25 for a U.S. citizen, $40 for someone from another country. Such “fullz,” dossiers of credentials for an individual that include “[p]ersonal Identifiable Information (PII), which can be used to commit identity theft and fraud,” had once fetched $40 and $60, respectively.
When anyone’s information can be appropriated, as it turns out, you aren’t really worth much. On average, it’s about $4 to get someone’s Visa card details, $11 to snag a date of birth, and $90 to infect 5,000 computers with malware. Even hiring someone to hack a website and siphon out data can be as cheap as $100, though operators with enough of a reputation tend to charge more. All the same, as more people acquire these skill sets, the more we’re likely to see a Walmart effect, with basement bargains an increasingly common sales tactic.
“I expected to see the drop,” Stewart said, given the increasing commonality of major data breaches and digital vandalism. “The best thing we could hope for was for these prices to be very high. It would be a more encouraging trend if the prices increased.” Even worse, the products offered have been enhanced, and now take into account additional security measures designed to disrupt this exact sort of activity:
“[H]ackers have come to realize that merely having a credit card number and corresponding CVV code (Card Verification Value–the 3 or 4 digit number on one’s credit or debit card) is not always enough to meet the security protocols of some retailers. Hackers are also selling cardholders’ Date of Birth and/or Social Security Number. Having this additional information would allow a hacker to answer additional security questions or produce a fake identification, to go along with a duplicate credit card. VBV (Verified by Visa) data is also being sold. VBV is another password or piece of data assigned to Visa card holders to help defend against online fraud.”
Cybercriminals have evolved along with the digital landscape, and perhaps unsurprisingly, created a cutthroat, zero-sum economy in the process. What value will the Internet have when every website can fall under hostile control and anyone can become someone else? One imagines a worldwide game of musical chairs. Whatever the outcome, we’re bound to found out soon enough.
Photo by Giorgia <3/Flickr
Miles Klee is a novelist and web culture reporter. The former editor of the Daily Dot’s Unclick section, Klee’s essays, satire, and fiction have appeared in Lapham’s Quarterly, Vanity Fair, 3:AM, Salon, the Awl, the New York Observer, the Millions, and the Village Voice. He's the author of two odd books of fiction, 'Ivyland' and 'True False.'