This Is What Your Identity Sells For On The Dark Web

Millions of Americans who trusted Equifax with sensitive personal and financial data, including social security numbers and credit-card information, are now nervously wondering whether they will be among the unlucky minority of affected customers whose identities are successfully “repurposed” by online criminal groups.

One researcher from security firm SecureWorks shared some details about today’s burgeoning marketplace for stolen data with Bloomberg, and the conclusion is clear: It is now easier – and cheaper – for criminals to access and abuse illicit data than ever before. In fact, a high-limit American express card with a high chance of working can be purchased online for less than $20. Criminals can buy files with thousands of low-limit card numbers for pennies on the dollar.

According to Bloomberg, “verified” high-limit credit cards from developed countries like the US, Japan, and South Korea are selling on the dark web for the bitcoin equivalent of about $10 to $20.

“Verified” means the seller has tested out transactions on the card and found it hasn’t been canceled yet. For scammers on a budget, there’s unverified stolen credit card data, which comes out to pennies a card when bought in bulk.

Here’s a screengrab from one dark-web marketplace.



Luckily for criminals, cards generally aren’t selling any cheaper on the dark web these days, said Alex Tilley, a researcher at Secureworks. Today’s buyers are more likely to get higher-quality cards, ones with sizable limits that can be used fraudulently with ease. It isn’t as hit-or-miss as it used to be, a welcome change for criminals, chilling news for most of us.

Criminals have even set up sophisticated “rating systems” to help value the data. Business cards are preferred, Tilley said, because they don’t have a limit. Those and high-end personal cards—say, a Platinum American Express that has been verified and has an 85 percent rating (judged by the seller to have an 85 percent chance of being successfully used in a fraud)—will go for $15 to $20. A regular Mastercard that doesn’t have a high limit might go for $9.

One underground hacker market inexplicably called Trump’s Dumps is selling full identities of individuals just like you for as little as $10 apiece. They’re called fullz, “dossiers that provide enough financial, geographic and biographical information on a victim to facilitate identity theft or other impersonation-based fraud.” Fullz can help a criminal get past those irritating “secret questions” that sites ask to verify your identity.

Recently, Secureworks’ researchers have seen more offers of bulk pre-verified card details, along with more identifying information about the owners. In some cases, offers even include the cardholder’s mother’s maiden name. Still, they cost just $10 to $12. Below is a fullz offer with a lot of personal identification on a Korean consumer.

In a massive breach like Equifax, hackers can easily walk away with hundreds of millions of dollars in profits from selling the data. Meanwhile, the identity thieves who purchased it can reap their own fortune running their scams.

Congress, the FTC and Equifax customers – enraged by both the company’s reluctance to initially disclose the breach and its carelessness (some would say tight-fistedness) concerning its cybersecurity defenses – have buried the company in lawsuits and official inquiries.

As USA Today revealed yesterday, hackers took advantage of an Equifax security vulnerability two months after an industry group discovered the coding flaw and shared a fix for it, raising questions about why Equifax didn't update its software successfully when the danger became known.

We’re looking forward to hearing the whole story from CEO Rick Smith when he testifies before Congress early next month. Whether Smith manages to hang on to his job remains to be seen - calls for his resignation after a 12-year-long scandal-free tenure are mounting. CNBC's Jim Cramer said last night that Smith "should be fired today."

But perhaps more worrying for Smith and his C-Suite companions are calls from North Dakota Sen. Heidi Heitkamp, who has demanded a criminal investigation into whether the company's executives - several of whom sold stock during the period between when the company first learned about the hack and when it disclosed it to the public - commited securities fraud.

"If that happened, then somebody needs to go to jail," she said.


 

Comments

Pernicious Gol… Sep 18, 2017 3:27 AM Permalink

I tried early and recently to file 90-day fraud alerts with each of the agencies. I tried to file credit freezes. Their Web sites don't work. I went to my state Attorney General's Web site and filed a fraud complaint against each agency.

gdpetti headless blogger Sep 17, 2017 3:13 PM Permalink

First, ask Alfie what it's all about, and only then ask about the security of your data in a corrupt system run by corrupt people?THis is the same as the crypto question... Who do you think setup and runs the 'dark web' and all those criminal activities?We complain about others, but isn't it always us pulling the strings of corruption? Isn't this why we keep sending in more troops to Afghanistan? to protect our CIA run drug op? Same op we had in Indochina etc? Same pedophile activity, kiddie porn, slavery of young and old, terrorist training etc.. 

In reply to by headless blogger

pacrim888 Sep 17, 2017 11:40 AM Permalink

Both in Europe and in Asia every single transaction on any credit card is sent to your phone by SMS immediately. U know within 10 seconds if your CC is being used for how much and to which retailer. Easy to avoid fraud that way. On top of that everywhere when u use your CC u need both to enter your pin and also sign in most shops. My debit card in the US asks a post code in petrol stations !?!?!?!

MK ULTRA Alpha Sep 17, 2017 11:20 AM Permalink

America is a lie. Federal government budgets $100s of billions for security and we're not secure. Federal government uses it all against us and we are fed on by the entire globe. Globalism benefits who?

Sing the one world government song, "We are the world..." LOL didn't hear anymore about federal workers being hacked in the millions during Obama nor the killing of the entire CIA China network, did we.

Federal government workers are the lowest quality workers in USA. We need a RIF reduction in force of 500,000 federal government workers and their contractors. 17 intelligence agencies with 200,000 contractors. It is all for us, not terrorist, criminals etc. Look at how crooked the FBI is, and NSA is the same way.

It is all a dirty sick joke and we are slaves of a rotten system.

BuckWild Sep 17, 2017 11:12 AM Permalink

Don't panic just be diligent.As you may have heard, Equifax, one of the three largest credit monitoring bureaus in the U.S., announced a data breach at the company that may have affected 143 million U.S. consumers. The breach included social security numbers, birth dates, addresses, credit card numbers as well as other personal information. This breach does not affect your LastPass account. To help determine if your personal information was compromised, Equifax set up a website - www.equifaxsecurity2017.com - where you can learn more about the incident. To further protect yourself from future incidents, you should:1. Sign up for the credit monitoring service of your choice.  2.  Freeze your credit files.  3.  Monitor your bank and credit cards.  4.  Keep using a password manager, like LastPass, to help protect your identity. I use Creditkarma.com its free and also gives you the credit score from two of the credit reporting agencies. If I have a change in any of my credit reports they send me an email and I can check on it instantly.Just be on your game if you are going to play with the bankers!

Faeriedust BuckWild Sep 17, 2017 1:52 PM Permalink

Oh, yes.  Sign up with an online cloud service to created and store every password you have.  What could go wrong? HAHAHAHAHAHAH.I have a little notebook that goes everywhere with me. Keeping it on PAPER under my personal control is far, far more secure than anything on anyone's computer, even mine.

In reply to by BuckWild

RabbitOne Sep 17, 2017 9:42 AM Permalink

As a retired IT database manager I can say “..I told you so...”.  In the 1990s IT people screamed at Microsoft for building holes and back doors in their software. Their explanation was these holes were necessary for diagnostic software (and CIA supported probes) to enter the system. We fought tooth and nail and lost as they turned their backs on us. In the case of the bank I worked at we dumped all Microsoft server and database  products and converted to Unix and Linux at great expense - but with peace of mind.So what happens is fully documented in security procedures around the world. Some clown downloads secure mainframe or secure server data to a Microsoft product and its hacked in days...     

Bai Suzhen Sep 17, 2017 8:16 AM Permalink

In fact, a high-limit American express card with a high chance of working can be purchased online for less than $20. It's not the huge charge that is worrisome.  That will be immediately recognized as fraud, and challanged.  But a lot of people don't check the small stuff.  A three or four dollar charge every other month or two, across several million of the population, may never be noticed by a lot of folks.

FreeNewEnergy Sep 17, 2017 6:42 AM Permalink

I don;t know what's worse, the hack, the potential for fraud, or the outright unwillingness of Equifax (and TrannyUnion and Experian) to do anything about it.I would guess the latter. These companies have operated a monopoly for 30-40 years with the government in complete compliance. It's basically a slave system, forcing everybody in America to be controlled by a number.My hope is that there are so many cases of CC theft and fraud that it's declared a national emergency and a debt jubilee occurs.Come to think of it, that just might be part of the overall plan by the scumbag elites.In general terms, I'd like ot see a blowup like the 07-08-09-10 mortgage/housing fiasco. I got to live rent free for six years in a 1600 SF house, didn't do any repairs, paid no property taxes and got $9K to move out because I sued the bastard bank for fraud.Right now, I have a small ($10k) home equity LOC on a house that was (supposedly) sold at auction last November. Turns out it never went to the tax auction; it wass sold to one of the local cronies. The bank knew the house was going  up for auction, contacted me and I told them point blank, three things: 1. Do not pay the back taxes (6 years, about $18k) to forestall foreclosure; 2. I borrowed the money and intend to pay it back, no matter if the collateral (the house) is still in my name or not; 3. If you make any changes to the agreement (which I read fully, three or four times and told them so), I will stop paying and countersue if you ever try to collect a single nickel.Guess what happened? The house got sold, as I said, to some person (I have the name and address), than bank has done nothing wiht the LOC (they're breaking the law) and I pay every month on time and have used funds from it on a number of occasions. Truth of the matter - and I had this conversation with a loan officer - whatever suits the bank, the loan is based on the collateral, or the person. It changes according to their needs and condition. Banks are all scum, even the supposedly "nice" credit unions. In fact, CUs have two words which I detest: "credit" and "union."I've got 16 CCs and store cards with about $15k outstanding. I hope every one of them goes tits up over the next six months. I'll renegotiate everything, with the threat of bankruptcy and ZERO payments backing me up. Forming a corporation to proetect what I do own (and they can't take).Good luck, everyone. This is some tricky shit.

LA_Goldbug Sep 17, 2017 5:21 AM Permalink

""If that happened, then somebody needs to go to jail," she said. "

Yeh, the guy in the coffee room.

Hearing this BS after a while get mighty tiring.

"A small financial institution called Abacus becomes the only company criminally indicted in the wake of the United States' 2008 mortgage crisis. "
Read that again !! "... the only ..."

http://www.imdb.com/title/tt5952382/

ItsAllBollocks Sep 17, 2017 5:05 AM Permalink

Those and high-end personal cards—say, a Platinum American Express that has been verified and has an 85 percent rating (judged by the seller to have an 85 percent chance of being successfully used in a fraud)—will go for $15 to $20.Um, I demand this person be arrested and charged under the war on terror balloney for willingly advertising their (or their client's) ILLEGAL ACTIVITY on the internet. The advertising of illegal activity is a felony if you have a look. Der....

JelloBeyonce Sep 17, 2017 2:08 AM Permalink

I don't understand the problem here.Credit card debt is essentially a loan.There is no money without loans (fractional-Reserve Banking).If these folks have remaining high balances available on their credit cards, it means they're not accumulating enough debt (not spending enough).If people don't accumulate more debt, or start to pay off existing debt, the money supply shrinks.If the money supply shrinks, there's less economic activity, lowering GDP.These crooks buying these high-limit cards can't hoard those balances in banks, thus they must spend them.The more they spend, the more money is created, the greater economic activity, the greater GDP.The more economic activity and greater GDP, the better off the economy.The better off the economy, the more jobs.The more jobs, the more people can go further into debt, creating more money, even more economic activity, even higher GDP, etc. It's a win-win-win. God bless the hackers.

Moving and Grooving luckylogger Sep 17, 2017 12:13 PM Permalink

'How is it that these folks can get ALL information about a person?Without me saying it is ok?' Companies, real legitimate ones, aggregate your info from big data stores. They legally purchase gigantic caches of data from government, cc companies, DMVs (huge amount of dangerous data there) and, of course, Google, Microsoft, etc and piece it all together into these profiles ('dossiers') that are then sold back to governments for their use. Then it gets conveniently stolen and sold to anyone. 100% legal and approved by your government. That's how. 

In reply to by luckylogger

Thalamus Sep 17, 2017 12:48 AM Permalink

I went into Target today to buy paint and batteries and the lady says I need to see your drivers license, she grabbed it and scanned the back. Wth? Now they can steal my CC and my personal info in one shot. Not ever shopping at Target ???? again!

konadog Sep 17, 2017 12:26 AM Permalink

"If that happened, then somebody needs to go to jail," from North Dakota Sen. Heidi Heitkamp in response to possible insider trading.OK Heidi, but somehow it was ok for Equifax executives to rake in big fat bonuses instead paying for competent IT staff? The former ripped off a few elites on stock sales while the latter potentially trashed the lives of 140 million average Americans.  Never mind, ... answered my own question.

Internet-is-Beast Sep 17, 2017 12:03 AM Permalink

How do we know if the Equifax leak wasn't an inside job with the participation of Mauldin and those who recently stepped down or retired? Shouldn't that be investigated? It seems reasonable not to rule this possibility out, rather than just blaming crappy software.