- Russian bots targeting Joe Biden on Instagram Monday 10:04 PM
- TikTok takes down 2 dozen ISIS accounts being used for recruitment Monday 9:38 PM
- British judge refuses to delay WikiLeaks founder Julian Assange’s extradition hearing Monday 8:01 PM
- Indicted Giuliani associate Lev Parnas’ private Instagram filled with Trump connections Monday 7:22 PM
- ‘Bomboclaat’ is the new ‘sco pa tu manaa’ Monday 7:00 PM
- Lori Harvey reportedly trying to walk away from car crash spawns memes Monday 6:00 PM
- In Netflix’s ‘Upstarts,’ Silicon Valley CEOs are the good guys Monday 4:35 PM
- This video of a tree struck by lightning is… relatable? Monday 4:13 PM
- How to watch ‘Keeping Faith’ Monday 3:37 PM
- ‘South Park’ at the center of $500 million streaming war Monday 3:16 PM
- Pizza Hut and Papa John’s employees pranked into talking to each other on the phone Monday 2:34 PM
- Twitter bullies brought Jordan Peterson to tears Monday 2:24 PM
- 25 last-minute Halloween costumes for those with no time to shop Monday 1:30 PM
- Krassensteins return to Twitter and are immediately suspended Monday 1:01 PM
- Tom Brady insists he didn’t parody Robert Kraft in ‘Living with Yourself’ cameo Monday 12:52 PM
When everyone wants to steal your identity, you’re practically worthless
One aisle of the Web’s black market is becoming awfully crowded.
It’s never been easier to swipe a credit card number or remotely access a computer, which you’d think was good news for hackers who make a living on pilfered data. But as cybercrime comes into its own as a commodity—technical novices can now outsource anything from a DDoS attack to a doxing—competition has increased, and prices have dropped.
Joe Stewart, Dell SecureWorks’ director of malware research for the counter threat unit, partnered with independent researcher David Shear to analyze trends in the shadowy market for such services and found that they’re getting more affordable. A stolen personal identity costs 37 percent less than it did in 2011, when they last gauged pricing: $25 for a U.S. citizen, $40 for someone from another country. Such “fullz,” dossiers of credentials for an individual that include “[p]ersonal Identifiable Information (PII), which can be used to commit identity theft and fraud,” had once fetched $40 and $60, respectively.
When anyone’s information can be appropriated, as it turns out, you aren’t really worth much. On average, it’s about $4 to get someone’s Visa card details, $11 to snag a date of birth, and $90 to infect 5,000 computers with malware. Even hiring someone to hack a website and siphon out data can be as cheap as $100, though operators with enough of a reputation tend to charge more. All the same, as more people acquire these skill sets, the more we’re likely to see a Walmart effect, with basement bargains an increasingly common sales tactic.
“I expected to see the drop,” Stewart said, given the increasing commonality of major data breaches and digital vandalism. “The best thing we could hope for was for these prices to be very high. It would be a more encouraging trend if the prices increased.” Even worse, the products offered have been enhanced, and now take into account additional security measures designed to disrupt this exact sort of activity:
“[H]ackers have come to realize that merely having a credit card number and corresponding CVV code (Card Verification Value–the 3 or 4 digit number on one’s credit or debit card) is not always enough to meet the security protocols of some retailers. Hackers are also selling cardholders’ Date of Birth and/or Social Security Number. Having this additional information would allow a hacker to answer additional security questions or produce a fake identification, to go along with a duplicate credit card. VBV (Verified by Visa) data is also being sold. VBV is another password or piece of data assigned to Visa card holders to help defend against online fraud.”
Cybercriminals have evolved along with the digital landscape, and perhaps unsurprisingly, created a cutthroat, zero-sum economy in the process. What value will the Internet have when every website can fall under hostile control and anyone can become someone else? One imagines a worldwide game of musical chairs. Whatever the outcome, we’re bound to found out soon enough.
Photo by Giorgia <3/Flickr
Miles Klee is a novelist and web culture reporter. The former editor of the Daily Dot’s Unclick section, Klee’s essays, satire, and fiction have appeared in Lapham’s Quarterly, Vanity Fair, 3:AM, Salon, the Awl, the New York Observer, the Millions, and the Village Voice. He's the author of two odd books of fiction, 'Ivyland' and 'True False.'