Like a cascading effect, one data leak fuels the next effort to get it. Billions of files containing valuable personal information circulate on the Internet and especially on parallel darknet traffic networks. Coming from server hacks or accidental leaks, this data fuels a black market for resale or the creation of real packages to carry out turnkey scams. A discreet and well-structured economy worth several hundred million euros a year. Moving to industrial processing rates, this activity was organized around a valorization system based on their usefulness and rarity. Payments are made in cryptocurrencies such as Bitcoin or Monero, which are known to be less traceable.
“The database is first offered to an initial circle of hackers after being evaluated according to the source company and then auctioned,” explains Iskander Sanchez-Rola, director of innovation at Gen Digital (merger of Symantec and Norton) . “If it doesn’t find a buyer at the right price, it ends up being distributed for free and traded between different cybercriminal groups,” explains the expert. Some build their online reputations on the distribution of raw data.
5 euros per credit card
In this ocean of data and lines of information, the most refined, and therefore most exploitable, ones retain a good market value. “The most sought after are the data that gives trust to an interlocutor, all of them [auxquelles] we are convinced that we are the only ones with access,” underlines Pascal Le Digol, cybersecurity expert at WatchGuard Technologies. «All the information useful to make the source of an email or SMS legitimate during a scam», he specifies. And list social security numbers, Vitale cards or IBANs.
On specialized platforms, a simple stolen bank card costs around 5 euros, according to research conducted on the darknet by Forward, a company specializing in risk management. Access to a loyalty program varies from 30 to 80 euros, depending on the amount of prize money to be used. A package with the complete identity of a person (number, email, identity document or even Vitale card) is worth around 50 euros at the time of resale.
“The amount can go up to 200 euros per user for information that allows you to bypass security measures, such as double authentication used by banks,” adds Iskander Sanchez-Rola. Raw or refined, this data also fuels a new and discrete business: the traffic of data intended to feed artificial intelligence models hungry for statistics about our lives.
What are the common methods used by cybercriminals to exploit data leaks?
Interviewer: Welcome to Time.news! Today, we have an expert in cybersecurity, Iskander Sanchez-Rola, the director of innovation at Gen Digital, the company formed from the merger of Symantec and Norton. He’s here to discuss the alarming rise of data leaks and the dark underbelly of the internet where personal information is traded like commodities. Iskander, thank you for joining us.
Iskander Sanchez-Rola: Thank you for having me! It’s great to be here.
Interviewer: Let’s dive right in. You mentioned that one data leak can lead to another. Can you explain how this cascading effect occurs in the world of cybercrime?
Iskander Sanchez-Rola: Absolutely. When a data leak occurs, it’s not just an isolated incident. The information stolen can often be incredibly valuable. Cybercriminals first evaluate the data based on the source company’s reputation and the potential financial return. If they deem it useful, it gets auctioned off among a closed circle of hackers. If it doesn’t sell at the expected price, it frequently ends up being distributed for free, leading to more widespread use among various cybercriminal organizations. This creates a vicious cycle where one leak fuels further exploitation.
Interviewer: It sounds like a well-oiled machine. You also mentioned a ‘black market for resale’ of this data. Can you quantify how big this market is?
Iskander Sanchez-Rola: Certainly. The black market for stolen data is structured and operates as an economy worth several hundred million euros annually. This underground market is highly organized, using a valuation system that considers both the rarity of the data and its potential usefulness.
Interviewer: That’s shocking. Could you break down how transactions occur in this market?
Iskander Sanchez-Rola: Sure! Transactions typically happen in cryptocurrencies such as Bitcoin or Monero, which are chosen precisely for their anonymity and lower traceability. For example, a credit card number can go for as little as 5 euros. This low price point allows even smaller-scale criminals to participate in the market, perpetuating the cycle of data leaks and scams.
Interviewer: That statistic is eye-opening! How do you see the reputation of hackers evolving in this landscape?
Iskander Sanchez-Rola: Interestingly, some hackers build their reputations by distributing raw data, making a name for themselves in the underground community. Their online credibility can attract business and partnerships, which only fuels this cycle of criminal activity. This fosters an environment where data breaches and leaks become a regular occurrence, as there are always individuals looking to capitalize on these situations.
Interviewer: It’s a cycle that seems difficult to break. As an expert, what measures can individuals and organizations take to protect themselves from becoming victims of such data leaks?
Iskander Sanchez-Rola: There are several steps individuals and organizations can take. Regularly updating software, employing robust password management, and utilizing multi-factor authentication can significantly enhance security. Educating users about phishing scams and data privacy is also essential. However, it’s crucial for organizations to have incident response plans in place, as even the best defenses can be compromised.
Interviewer: Important advice! As we wrap up, what do you hope the future holds regarding cybersecurity and the fight against such cybercrime?
Iskander Sanchez-Rola: I hope for a future of enhanced awareness and collaboration between cybersecurity firms, law enforcement, and the public. The more people understand the risks and how to mitigate them, the harder it becomes for cybercriminals to operate. Collective effort and continuous innovation in cybersecurity measures will be key in combating these emerging threats.
Interviewer: Thank you, Iskander, for sharing your insights on such an important issue. It’s truly fascinating and concerning at the same time. We appreciate your time and expertise.
Iskander Sanchez-Rola: Thank you! I appreciate the opportunity to discuss such critical matters.
