We live in a digital world, which means data is one of the hottest assets you can have right now.
Over the years, the world has digitally transformed in a way that was once unimaginable.
There’s been a paradigm shift in the way consumers interact with technology — which has proven beneficial but has also exposed consumers to risks like identity theft.
As the deep dark web grows, users’ data is sold on the dark web for dirt-cheap prices — some even cheaper than a burger.
New research by NordVPN, a VPN service by cybersecurity company Nord Security, found that criminals can buy Canadian payment card data for as cheap as $6.91 and twitter login for as low as $2.74.
Now, you may wonder why someone would want to buy your credit card data or twitter data. What harm can it do?
A lot, in fact.
Steve Wilson, lead for the BCIT Centre for Digital Transformation and cybersecurity expert, shared that in this digital age, identity is everything, and “data is the new oil.”
First, what’s the dark web?
The dark web is a hidden part of the world wide web. While the world wide web can be accessed by everybody, the dark web can be accessed only using a special browser.
The dark web is home to a lot of illegal activities and can seem like a daunting and haunted place, but it's not.
Wilson said the dark web works like a regular marketplace where people buy and sell — in this case, data — for cheap prices.
“There's a bit of a reputation for people that deal with product on the dark web, and it's almost like a customer satisfaction scale,” he explained.
“For example, if you've purchased, say 50 credit cards on the dark web, and then resell that. A couple of the cards don't work. The customer service honestly is so good that they say 'if you have a couple of cards that aren't working, let us know. And we'll reimburse you and send you additional card information.'”
It's all about reputation for the sellers in the dark web. Once the trust is built, hackers list all kinds of data on the dark web for people to buy for cheap prices.
The easier it is to get an item, the cheaper it is. Which is why, according to the research by NordVPN, a Canadian passport costs only $9.47 on the dark web. You can get anything from college ID to voters’ emails on the dark web.
Experts say that once the data is out in the wrong hands, the criminal can use it for their own benefit. At best, it could be used to, say, access a streaming account. In most cases, the identity is compromised and the criminal tries to assume the victim’s identity and swindle money.
Preventing cybercrime: Cybersecurity Awareness Month
October marks Cybersecurity Awareness Month, and digital and cybersecurity experts across the world are trying to spread awareness on consumers protecting themselves before data is leaked and identities are compromised.
“Cybercrime is booming, and we need to educate ourselves if we want to stay safe,” said Daniel Markuson, a cybersecurity expert at NordVPN, in a press release.
Wilson said cybercrime is more evolved than a common man would think.
“It's not like people dumping, going through your garbage, looking for pieces of information,” he said. “It’s not high school kids in a basement somewhere just trying to hack in for fun. It's organized, it's extremely well organized, because there's so much money available in this space right now. So they take a lot of time and effort to go through and get your information and because they know there's value in it.”
Having worked in law enforcement for fraud and tech crime investigations for more than 10 years, he said everything we touch in this day and age has some digital component to it, and cybersecurity and privacy are foundational pieces for any type of digital transformation.
The best practice to avoid having your identity compromised is prevention, he explained.
"Everybody's prone to it — they’ve had their personal information stolen, or they've had their accounts accessed and or their identities been used for nefarious purposes.”
Stolen data helps cybercriminals build identities
Wilson explained that people can take data (even data you think has little value) and create sock puppets — starting with building profiles, a persona. Then they can use the stolen identity to open legitimate products like bank accounts and mortgages, and buy vehicles to be resold offshore. It all starts with the dark web, where these transactions take place.
“I've heard of cases where people on the West Coast have had either identity stolen and used by organized crime groups on the East Coast,” he said. “They were basically using these people's information to buy real estate. So it's not just a matter of when they default on mortgage. The legitimate person on the West Coast had their identity compromised. If they go to their credit report, it's going to basically show that they're the ones that are defaulted on mortgage. And it's what a lot of people don't understand is it sounds crazy. And it's well, I'm just going to phone them and say that's not true. It's not as easy as that. In some cases. I know people have spent years trying to recover their credit and say, 'Well, wait, this isn't me.' But yeah, identity's everything.”
So your identity is compromised. Now what?
So, the criminal spends $5 for your data — what are the consequences for them? Wilson said there is little to no consequence for the criminals. Most times, he observed, the perpetrators could be anywhere in the world, with nothing but a digital footprint.
He explains that the chances of recovery and prosecution are slim, but when your identity is compromised, there’s more at stake for you.
“In all my years, I've only heard of one case where people actually recovered funds, and it was a minor amount — like they'd lost a couple hundred thousand dollars, and I think they recovered $9,000,” he said.
“There are a lot of people that become victims of this identity theft or even the online romance scams, and they've lost a substantial amount and that they become embarrassed, destitute, and a lot of times they commit suicide. So it kind of goes to the level of importance.”
“When we think about identity theft, if you think about U.K., they are a lot more proactive than we've been with the identity theft legislation and resources to law enforcement and even being proactive with education. Whereas in Canada, it's still not seen as a major public issue. So it's not getting the attention it should.”
Global implications for cybersecurity
To prevent big data leaks from larger corporations and government bodies, cyber teams across the globe work to explore strategies to prepare in case of a cyber attack.
In IMD World Digital Competitiveness Ranking, conducted by the IMD World Competitiveness Center, Denmark excels in the ranking that measures how well economies are exploring and coping with new tech. The ranking measured the capacity and readiness of 63 economies to adopt and explore digital technologies as a key driver for economic transformation in business, government and wider society.
Canada ranked 10th.
Cybersecurity measures were noted as top priority for public and private sectors in the ranking. One of the major findings published in the 2022 edition of IMD World Digital Competitiveness Ranking by IMD's World Competitiveness Center (WCC) was that governments and the private sector need to shield their digital infrastructure from cyber attacks if they want to continue in the race for digitally competitive economies.
Protection from cybercrime starts at home
It's a problem with massive international implications — but it all starts right here, in front of your own personal device.
Wilson emphasizes that it's all about the basics, and it starts simple. He advises the public to spend a bit of time researching the best ways to set up passwords — something as simple as I love cats, and I've got four at home, something easy to remember — and to use different passwords for different accounts.
He also suggested staying away from public WiFis (and instead use VPNs) especially to order online and/or use credit card information on a public server, which is easier to hack into.
He himself would keep his passwords in an encrypted drive and stowed away in an offline safe. But the most important advice he has for everyone is to shred offline paper documents and destroy the digital drives.
“If it's on a server somewhere, just because you've said 'delete,' it doesn't mean it can't be recovered. You think about digital forensics,” he said.
“You know what I usually tell people when they say they carry around USBs and they have external drives that they're no longer using or have laptops that they want to send recycling, I tell people to take the drives out — taking a drill to them and crush them. Just to make sure there's no possible way that anybody can get access to them.”
After all, the World Economic Forum highlighted that 95% of the cybersecurity issues are caused by human errors.
Five dollars spent by a criminal on the dark web can lead to much larger implications if you have your identity stolen.