In the Dark - Dark Web Report

In the past, basic steps preventing identity theft and having good security meant shredding documents, occasionally changing your passwords, and not trusting any members of a royal family offering their wealth in a random email.

As we’ve progressed into the digital age, the security threats posed are far more complex and serious. Our lives are based online; our finances, important legal documents and entertainment are often tethered online in one way or another.

With enough personal information and basic technological knowledge, even a thief with limited skill could potentially gain access to some of your most important accounts.

So how much would it cost to gain access to your life and what happens once they break in?

FOR SALE IN THE DARK

The Dark Web is the criminal underbelly of the Deep Web, where criminals can openly sell access to restricted and illegal products. Weapons, drugs, stolen items, banned material and information are common finds on dark web markets.

The dark web is accessed using Tor (The Onion Router) browser, a secure* and anonymous platform that hides a user through multiple layers of connections.

*It is still advised that you use a VPN while using Tor, as there are ways people constantly seek to breach the security behind Tor.

Information is an incredibly lucrative business for hackers and scammers. As most people have multiple online accounts, if a hacker gains access to one of your accounts it typically leaves your other accounts easier to hack.

For instance, we found examples where individuals with access to nonpublic companies could receive up to $25,000 for leaking sensitive stock data. This is highly illegal, and maximum penalties in the USA include 20 years in prison along with a $5,000,000 fine.

Financial accounts are the endgame for many, as access to bank cards and online wallets such as PayPal can be worth thousands of pounds.

Sites on the dark web such as Financial Oasis and PayPal Cent are major marketplaces for stolen financial information, where people can pick and choose accounts of their liking. Information such as the victim’s origin country, whether they have a card linked to their PayPal and the balance are openly listed.

WHAT IS INFORMATION WORTH ON THE DARK WEB

Here is a list of how much a hacker charges for a victim’s information:

Select currency:

ACCOUNT TYPE	VALUE	PRICE
PayPal Account	$12,000	$1,200
Money Transfer	$7,500	$1,125
Amazon Gift Card	$2,000	$700
Cashapp Transfer	$7,000	$425
PayPal Transfer	$1,200	$240
Paypal Account	$1,800	$190
Cashapp Transfer	$1,500	$180
Amazon Gift Card	$500	$175
Money Transfer	$1,250	$167
PayPal Account	$1,200	$120
Bank Card	$800 - $1,000	$79
Bank Card	$500 - $750	$64
Bank Card	$200 - $400	$49

WHAT DOES A FULL IDENTITY COST

With basic knowledge of your accounts, it can be much easier for hackers and scammers to steal your identity, but just how much would it cost for them to scam their way into your life?

There are programs openly available that will force entry to multiple social media accounts for as cheap as $12.99.

Using the information they gain from your social media, they can do various things:

CASHOUT

Sell the account on or transfer available funds.

IDENTITY

Verify themselves as you.

Purchase

Purchase items using linked cards.

PERSONAL INFORMATION

Steal personal information from private messages / hidden information.

Price list

Select currency:

Social Media

$12.99

Personal Information*

$40 - $200

Bank Details

$50 - $200

UK Passport

$750

*Personal Information includes Name, Address, Phone Number, Credit History

FORGED IDENTIFICATION

Upon inspection of ID vendors, we discovered that people were selling Passports and Drivers Licenses, the combination of accurate personal information and a convincing forgery could spell disaster for a hacking victim, as criminals could impersonate them.

Select currency:

COUNTRY	PASSPORT	PASSPORT & DRIVERS LICENSE	PASSPORT & ID CARD	PASSPORT, ID & DRIVERS LICENSE

DATA BREACHES FOR SALE

Data breaches are a major threat to many, with major apps such as Dubsmash losing 15.5 Million users email addresses and passwords. More sensitive breaches such as MyHeritage could potentially contain vast amounts of personal data, which could assist hackers and scammers in securing access to more accounts.

Below is the cost of access to each of the breached databases, and the amount of records the access will secure you. These breaches can vary from basic information to detailed health and device information.

Select currency:

DATABASE	PRICE	Category	RECORDS

Please bear in mind that these databases can be leaked once they’ve been released for a certain amount of time, and become readily accessible to many users for free very quickly.

DARK WEB INFORMATION

There are some tall tales regarding the dark web that have caused it to be largely misunderstood, leaving people vulnerable to potential dangers, but also misinformed as to lawful and morally justifiable usage. Good examples of the dark web being used in a positive way are journalism and whistleblowing. Journalists are able to securely communicate and collect information without the worry of their identity being exposed.

Many people believe that accessing the dark web is illegal within itself, which is false. The dark web is heavily encrypted and some countries have made high levels of encryption illegal, however, these are countries such as China, Russia, Iraq, Turkey and North Korea.

A vast amount of people believe that accessing the dark web requires high levels of skill, when in reality it is safely accessible to many, providing they follow precautions and keep their wits about them. To read more about safely accessing the dark web, the legality of actions as well as basic and advanced advice, view this dark web guide.

DISCLAIMER AND WARNING

The dark web is often seen as dangerous for good reason, there are people with malicious intent and there are pitfalls everywhere for those who aren’t prepared to a good standard.

Attached is a screenshot that was taken of a site dedicated to openly publishing information on people, including name, address and contact information. They verify the accuracy and even track whether the victim has been “swatted” - a federal crime which recently resulted in the death of a victim.

FREE RESOURCE LINKS

Have I Been Pwned

Check your email to view whether it has been on any breach lists. Link

Dehashed

Check any personal information against massive breach records. Link

LastPass

A secure and efficient way to manage encrypted passwords. Link

IN THE DARK GALLERY

Financial Oasis One particularly notable find was a site that would provide pre-recycled banknotes. It shows a concerning level of power that some of the vendors have on the dark web.

The Paypal Cent Often the vendors offer an FAQ page that shines a light on how they provide their services or greater detail. This site cites that they’d recently had major trouble with the authorities when it came to emptying accounts on a mass scale - and found it safer to sell the details and earn their income from the proceeds.

Doxbin Homepage The concept of doxing is a particularly scary one. Publishing someone’s entire life online, as much revealing information about their location, contact information and even their family. This site openly encourages that people submit accurate doxes, and even tracks whether people have committed felony crimes to harass them.

FakeID Homepage This site is dedicated to fake identification, including but not limited to passports, ID cards and driver’s licenses. They claim to have real levels of accuracy, being able to incorporate the extra security steps of certain inks and stamps.

The Stock Insiders Above is an anonymous platform where individuals with access to nonpublic companies could receive up to $25,000 for leaking sensitive stock data. This is highly illegal, and maximum penalties in the USA include 20 years in prison along with up to a $5,000,000 fine depending on the severity of the leak.

IN THE CASE OF INFORMATION THEFT

If you believe your information has been stolen and your accounts have been compromised, here are some steps you can take to recover properly.

Stop

Seek to stop thieves access, notify your bank and places where you hold the breached accounts. You may be required to freeze your accounts to prevent further malicious activity.

Assess

Find what they managed to obtain from you, it could be sensitive information or financial details/money.

Solve

Take steps to see if losses can be claimed back, allow police to conduct an investigation if applicable.

Recover

Set new standards for safety such as password management, antivirus, VPN and making personal information less public on social media.

HOW TO KEEP YOUR INFORMATION SAFE

2 Factor Authentication

It is advised to secure your accounts with 2 Factor Authentication (2FA), in this case, any attempts made to log in to your account will have to be verified with a randomly generated code or password.

PASSWORD MANAGER

Using a password manager is an incredibly effective way of avoiding weak links in your online life, services such as LastPass have vaults that automatically generate unique, complex passwords and store them in a secure ‘vault’.

VPN

It is also incredibly beneficial to use a VPN when connected to the Internet, your traffic is anonymous, secure and you have access to a less restricted platform.

Antivirus software

Installing reliable antivirus software can help prevent multiple types of breach including spyware and Trojan horses. Both spyware and Trojan horses are common ways of obtaining login details from devices.