The Black Digital Market: how they buy, sell and negotiate their data after a violation

Data violations It happens every day, and they are rarely random. The majority come from deliberate and directed cyber attacks or the exploitation of passed security failures, allowing criminals to infiltrate systems and steal confidential information. This may include anything, from email addresses and passwords to social security numbers, credit card data, medical records or internal corporate documents.

It sounds alarming (and it is), but what really happens after your data is committed? Where is it going once it has been dragged by a violation? Understanding this process is not only revealing, it is a critical step to know how to protect yourself in an increasingly more data based on a world.

Where do your data go after a rape?

Once your data is committed to a violation, it becomes a merchandise, something that will be bought, sells or negotiated. It can be sold on its own, but more often it is included with other stolen information as part of a larger data set. The computer pirates or attackers responsible for the violation are generally not those who end up using their data. Think about it as a theft of luxury jewels: thieves are not stealing the items to use them, they are after the profits they can obtain selling them to others. Similarly, your data is just a valuable asset in an underground market.

Information is only valuable whenever it is new and usable, so it is often sold as quickly as possible. Where can you find it? Let’s review the most likely destinations:

1. The dark website: There are many markets for user data in the Dark web since it is not regulated or moderate as the web surface. The attackers use non -indexed dark websites to convert the data into profits without worrying that a web host or owner of the platform delivers their data to the application of the law. Credit cards, session, social security numbers, passports and any other type of identification information that may be thought, negotiated and sold here.

2. Safe messaging applications: Messaging services encrypted As Signal and Telegram are excellent tools for anonymity and privacy. While such applications are invaluable for journalists and help users control their information, some criminal groups use these platforms to make chats treated in user data.

3. Forums/chats of only invitation: The web surface has its fair part of forums, chat rooms, applications and sites that deal publicly with stolen data. These resources are generally moderated and maintained under a strict invitation system to limit the risk of being discovered by the police.

4. In public: Some infractions are made public without any direct sale of data. Government or company complainants have adopted this approach to disseminate information as much as possible. In the same way, certain computer pirates have moral or ethical reasons for attacks, such as Ashley Madison Breach In 2015, which launched the identities of all users because the site is a center for adulterous relationships.

5. In private: The most careful computer pirates deal internally with other malicious groups and ensure private clients for user data, company secrets and other leaked information.

Like a regular market for goods and services, prices change according to supply and demand. If you are interested in the approximate price that the information is sold in several markets, Impatacyffires performs a detailed analysis every three years of the amount of user data on the dark website.

What information do cybercriminals buy and sell?

Dark web markets are as varied as a weekend farmers market. There are sites and centers to essentially, all forms of identification information. From email accounts to social security numbers, a little of everything is available for the right price. Below are the three most common categories of data sold with short residents that detail how each type is used:

1. Payment cards: Also known as “Cardado”, criminals will buy packages of details of the card filtered with the hope of making fraudulent purchases.

   
   
   

   

   Get our best stories!

   Stay safely with the latest news and security updates
   

   
   

   Register for us Security observation Bulletin for our most important privacy and security stories delivered directly to your entrance tray.

   Register for us Security observation Bulletin for our most important privacy and security stories delivered directly to your entrance tray.

   By clicking on registering, he confirms that he is over 16 years old and accepts our terms of use and privacy policy.

   Thanks for registering!

   Your subscription has been confirmed. Be attentive to your entrance tray!

2. Site credentials: Social network accounts and email profiles can be subject to an attack to publish defamatory content. More often, computer pirates steal these accounts to carry out more social engineering or phishing attacks against unsuspecting individuals.

3. Personal documents: Passports, social security numbers and birth certificates are just some of the most sensitive documents that criminals pay with the objective of identity theft.

Other categories include encryption wallets, transmission service session, verified paypal and medical information accounts.

What can you do to protect your data?

It is difficult, if not impossible, eliminate each trace of your personal information online. However, there are Steps you can take That will make you much less vulnerable to attacks. A good Password administrator It is an easy first step that will ensure that it is protected in case of rape. TO VPN You can block your traffic and prevent your Internet Services Provider (ISP) or any third -party advertiser Building a profile About you

Adjust your privacy settings in social media accounts to prevent unrecognized accounts from traveling their pages. It is also worth eliminating information on identification from your publications and has, as your workplace, address and relationship state. Simply limiting what you share can make it much more difficult for a hacker addressing you or obtaining updated information that can be used against you.

Similarly, keep in mind what information is giving a website when you register for an account or make a purchase. In case of doubt, it is worth using unique payment methods, electronic burner and a PO picture to maintain its true confidential identity.

If you are subject to data violation, be sure to monitor related accounts. If a site from which you have made a purchase has leaked the payment data, then it may be necessary to block your payment cards and notify your bank. In case of stolen confidential information, you may have to freeze your credit. Monitor news and monitor the events is not always feasible. Data deleting services You can do hard work for you and at the same time monitor the dark network to obtain leaks with your information in them.

Regardless of the tools you use, adopt a proactive approach to privacy. Otherwise, you can find damage control while a cybercriminal wreaked havoc on your stolen data.

About our expert

Justyn Newman

Senior writer, security

---

Experience

My writing trip began in 2012 and has taken me through several niches, but my main approach has always been in technology. I contributed to several hardware and growth software sites, focusing on games, peripherals and privacy.

As the amount of information we publish on the Internet has grown, so the threats and tools we use fight them. With the VPN winning traction in the late 2010 decade as a tool for the public instead of only one option for business security, I found innumerable options in this continuously changing panorama.

This led to my role before PCMAG in Wizcase, where I perfected my knowledge of VPN and privacy tools and finally supervised all the content produced. I will lead a talented team from other writers and editors to evaluate VPN, password administrators, antivirus and parents’ controls.

Read complete biography