Slashdot Mirror

← Back to Stories (view on slashdot.org)

Your Stolen Identity Goes For $20 On the Internet Black Market

Posted by timothy on from the remember-it's-your-data-not-actually-your-identity dept.

HughPickens.com writes: Keith Collins writes at Quartz that the going rate for a stolen identity is about twenty bucks on the internet black market. Collins analyzed hundreds of listings for a full set of someone's personal information—identification number, address, birthdate, etc., known as "fullz" that were put up for sale over the past year, using data collected by Grams, a search engine for the dark web. The listings ranged in price from less than $1 to about $450, converted from bitcoin. The median price for someone's identity was $21.35. The most expensive fullz came from a vendor called "OsamaBinFraudin," and listed a premium identity with a high credit score for $454.05. Listings on the lower end were typically less glamorous and included only the basics, like the victim's name, address, social security number, perhaps a mother's maiden name. Marketplaces on the dark web, not unlike eBay, have feedback systems for vendors ("cheap and good A+"), refund policies (usually stating that refunds are not allowed), and even well-labeled sections. "There is no shortage of hackers willing to do about anything, computer related, for money," writes Elizabeth Clarke. "and they are continually finding ways to monetize personal and business data."

57 comments

  1. My mother's maiden name is Hero by Anonymous Coward · · Score: 5, Funny

    Sadly, I married and took the last name Coward.

    1. Re:My mother's maiden name is Hero by FatdogHaiku · · Score: 1

      Sadly, I married and took the last name Coward.

      Although you lost a shot at TV fame (twice)... you'll always be well known here at /.

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  2. So, how much to buy a better life? by NotDrWho · · Score: 2

    My current identity sucks ass.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
    1. Re:So, how much to buy a better life? by Demonoid-Penguin · · Score: 3, Insightful

      My current identity sucks ass.

      So? Stop whining, scrape up $20 and buy a better one.

      $100 will get you one with 500 Fffacebook friends and 1000 Twitter followers.

      $1000 will get you one with no Ffffacebook friends or Twitter followers.

      For $5 you could be Depak Chopra.

    2. Re: So, how much to buy a better life? by Anonymous Coward · · Score: 0

      Only $19.95, but wait, order now and get two, yes that's right two!! One for you and the other for your closet persona.

  3. How many LifeLock employees? by xxxJonBoyxxx · · Score: 4, Insightful

    It makes you wonder how many of these "hackers" are just LifeLock employees or other people in trusted positions who just took the data home with them?

    (I remember my first job in healthcare. At 19 - pre-HIPAA - I used to browse the medical records of friends, family and famous people on the hospital network when I was bored and alone at work, and it occurred to me once how easy it would be to just save the "best" ones to a floppy each night.)

    1. Re:How many LifeLock employees? by bobbied · · Score: 2

      These days if you tried that they'd be hauling your butt off to jail. This HIPPA thing make this a serious liability and hospitals and doctors have got nuts about it, so much that I cannot even make a doctor's appointment for my wife anymore, unless she's signed their form that says I can....

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:How many LifeLock employees? by Anonymous Coward · · Score: 0

      You do realize you're now on record for doing one of the most unethical things imaginable?

    3. Re:How many LifeLock employees? by Anonymous Coward · · Score: 0

      he installed Games for Windows?

    4. Re:How many LifeLock employees? by Anonymous Coward · · Score: 0

      18 year old pharmacy technicians can easily look up the prescriptions of anybody in the country without setting off too many flags so long as they avoid famous people or politicians (and just looking up one is unlikely to have any consequence)

      personal history suggests that they'd just get fired rather than facing any real charges or fines should they get caught.

    5. Re:How many LifeLock employees? by Anonymous Coward · · Score: 4, Interesting

      I used to work for a large card processor back in the 90's. Our call centers were staffed with temp employees as CSA's, which provided a way for gangs to infiltrate the company so that they could get customer personal info, purchase history and lots of other financial info. I remember one time while working on the call center floor when some men from the company's security division along with six cops rounded up 5 members of one of these gangs and hauled them off in hand cuffs. Given how porous that networks have been during the last 10-15 years I doubt they even bother trying to get people on the inside anymore.

    6. Re:How many LifeLock employees? by Anonymous Coward · · Score: 1

      I find it funny that the same people don't ask the same questions about groups like Anonymous.

      They're not magic, they don't have superpowers...they don't even have tools that aren't available to the general public, yet they seem to have an inordinate amount of success at getting to their targets. How? Easy, they use the same tactics that terrorists use. They appeal to one's morality and sense of social justice, convince people in positions of power that they're fighting the same enemy and for a common cause...I wouldn't be surprised if a lot of the accounts and sites "hacked" by Anonymous weren't handed the keys to the kingdom by someone on the inside. They say it themselves, "we are legion..." It's unlikely that none of said "legion" includes people working at telecom corporations and ISP's.

      The same situation is almost certainly true here, employees of social security departments or credit services have found out they can go online, make themselves a Bitcoin wallet and start selling the very same information that they're supposed to be protecting.

    7. Re:How many LifeLock employees? by xxxJonBoyxxx · · Score: 3, Interesting

      >> you're now on record for doing one of the most unethical things imaginable?

      Our last three presidents collectively admitted to smoking pot, using cocaine, driving drunk, sleeping around, eating dog and more. Career-wise, I'll be fine.

      I'd expect that it's the teenagers who are currently making racist comments on their Facebook feeds that can expect a lifetime of career-aborting revelations.

    8. Re:How many LifeLock employees? by Anonymous Coward · · Score: 0

      HIPAA*

    9. Re:How many LifeLock employees? by Anonymous Coward · · Score: 0

      You do realize you're now on record for doing one of the most unethical things imaginable?

      C'mon, there's no need to indulge in hyperbole. Seriously, you're leading a very charmed life, or you have a poor imagination, if you think a little voyeurism is one of the most unethical things imaginable.

    10. Re:How many LifeLock employees? by Anonymous Coward · · Score: 0

      Which isn't trivial. You're basically blacklisted from *ever* working in another pharmacy, save for maybe some small ma and pa store in backwoods areas.

    11. Re:How many LifeLock employees? by Anonymous Coward · · Score: 0

      It wasn't unethical when he did it.

    12. Re:How many LifeLock employees? by Anonymous Coward · · Score: 0

      Oh please, there's no pharmacy blacklist. Only an arrest record, or poor job reference is going to affect him as a future hire. And if he wasn't arrested, then it's likely that his former employer would just simply confirm his date of employment and wage rate since bashing an ex-employee could result in a lawsuit.

    13. Re:How many LifeLock employees? by alexhs · · Score: 2

      Our last three presidents collectively admitted to smoking pot, using cocaine, driving drunk, sleeping around, eating dog and more. Career-wise, I'll be fine.

      I expected a mention about causing the death of thousands of people abroad, but apparently there's nothing worse than intoxicating oneself, having sex between consenting adults, and not being a vegetarian.

      --
      I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
    14. Re:How many LifeLock employees? by xxxJonBoyxxx · · Score: 4, Insightful

      >> It wasn't unethical when he did it.

      Disagree. It was unethical when I did it. It may not have been illegal yet, and our hospital system (privacy clueless in the era before HIPAA) never told the folks in IT NOT to pry around the databases, medical records or stacks of bills we produced, but poking around people's personal business was still was an unethical invasion of privacy. Fortunately, I've "grown ethics" in the 20-odd years since I was a teenager, and there are better legal and technical deterrents and preventatives to this type of thing now.

    15. Re:How many LifeLock employees? by tompaulco · · Score: 1

      These days if you tried that they'd be hauling your butt off to jail. This HIPPA thing make this a serious liability and hospitals and doctors have got nuts about it, so much that I cannot even make a doctor's appointment for my wife anymore, unless she's signed their form that says I can....

      Yes. Same here, and my wife speaks English pretty well, but she is sensitive about her English and always wants me to talk to the doctors. What pisses me off is that the patients and the low level peons have to obey every jot and tittle of the HIPAA code, while you can hear doctors casually discussing cases and identifying information with one another. Also, in the massively overcrowded hospitals with multiple patients in a room, they don't bother to get all of the other patients and patients families out of the room before discussing details of a patients medical history.

      --
      If you are not allowed to question your government then the government has answered your question.
    16. Re:How many LifeLock employees? by tompaulco · · Score: 1

      I expected a mention about causing the death of thousands of people abroad, but apparently there's nothing worse than intoxicating oneself, having sex between consenting adults, and not being a vegetarian.

      It's not like they directly caused them, or even had a desire to cause them. If nobody had blown up the Twin Towers, this all could have been avoided.

      --
      If you are not allowed to question your government then the government has answered your question.
    17. Re:How many LifeLock employees? by xxxJonBoyxxx · · Score: 1

      >> causing the death of thousands of people abroad

      If my background check showed that, I think I'd understand why I was not being hired. :) Stay with the thread (i.e., people get over minor offenses and cultural missteps - even ill-considered tattoos - all the time) and you'll be okay.

    18. Re:How many LifeLock employees? by Anonymous Coward · · Score: 0

      So it's Dick Cheney's fault?

    19. Re:How many LifeLock employees? by phantomfive · · Score: 1

      there are better legal and technical deterrents and preventatives to this type of thing now.

      Apparently not at the NSA.

      --
      "First they came for the slanderers and i said nothing."
    20. Re:How many LifeLock employees? by Anonymous Coward · · Score: 0

      nobody cares

    21. Re:How many LifeLock employees? by painandgreed · · Score: 1

      Disagree. It was unethical when I did it. It may not have been illegal yet, and our hospital system (privacy clueless in the era before HIPAA) never told the folks in IT NOT to pry around the databases, medical records or stacks of bills we produced, but poking around people's personal business was still was an unethical invasion of privacy. Fortunately, I've "grown ethics" in the 20-odd years since I was a teenager, and there are better legal and technical deterrents and preventatives to this type of thing now.

      Well, you do not grow "ethics", the are provided to you by the policies you work or otherwise act under. "Ethics" are following those rules as provided to you when you agree to work for somebody. Legalities are according to the law and are separate from ethics. Morals are your own personal code whether you adopt one that is provided to you by something like a religion or philosophy or not. If you personally disagree with what you did, it would have been immoral. If it was against your work policies at the time, it would have been unethical. If it was against the law at the time, it would have been illegal. At least, that is how it was explained by our ethics officer at work in the two hour meeting I had to sit through a few weeks ago.

  4. Are there lists? by Anonymous Coward · · Score: 0

    Are there lists of compromised identities? I'd like to see if I'm on it.

    1. Re:Are there lists? by xxxJonBoyxxx · · Score: 5, Funny

      >> Are there lists of compromised identities? I'd like to see if I'm on it.

      Sure, just post your name, social security number, credit card number and PIN here and we'll look it up.

    2. Re:Are there lists? by Nidi62 · · Score: 1

      Sure. Just post for us your name, address, social security number, and credit card numbers (with security codes), so that we can see if any of your information is on the list. We also offer password protection analysis: post your account names and passwords and tell us what websites they are used for and we can tell you how vulnerable your accounts are to hacking.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    3. Re:Are there lists? by Anonymous Coward · · Score: 0

      Clinton Rooker, 721-07-4426, 1234 - can you email me to let me know? crooker@aol.com Thanks!

    4. Re:Are there lists? by Anonymous Coward · · Score: 1

      Unfortunately such a list would be woefully incomplete. Think forum posts thousands long uncached and hidden away in the darker places of the internet. And remember, these people are making a living off your information. Each identity is closely guarded by criminals far better than the original defenders until somebody pays up.

    5. Re:Are there lists? by LessThanObvious · · Score: 1

      Well... if a stranger is willing to pay $20 for my record, I'd pay $80 to remove it from circulation.

    6. Re:Are there lists? by Anonymous Coward · · Score: 0

      There be zombies on Slashdot these days ...

    7. Re:Are there lists? by Anonymous Coward · · Score: 0

      yes it will be removed from all of internet for 80 dollars... i promise.

  5. I wonder how much it costs to get a honeypot hack? by Anonymous Coward · · Score: 0

    If I was a security researcher and I could but hacks, I think it would be interesting to pay someone to hack "me", all the while recording everything that happens and is done. Would be interesting!

  6. Let's face it. by Anonymous Coward · · Score: 0, Interesting

    OsamaBinFraudin is a bombastic nickname.

  7. Joke's on You! by seven+of+five · · Score: 1

    I have $10 in my account....

    1. Re:Joke's on You! by Jamu · · Score: 2

      Maybe you could buy slashdot.

      --
      Who ordered that?
    2. Re:Joke's on You! by PopeRatzo · · Score: 1

      I have $10 in my account....

      Yeah. Somebody steals my identity, they're in for a big surprise.

      --
      You are welcome on my lawn.
    3. Re:Joke's on You! by CimmerianX · · Score: 3, Funny

      Yours must be one of the accounts that goes for $1.40.

    4. Re:Joke's on You! by Anonymous Coward · · Score: 1

      Someone can still run up $50,000 debt in your name. This is no joke.

    5. Re:Joke's on You! by Anonymous Coward · · Score: 0

      I wonder if the editors are going to feel the need to censor that story on DICE's behalf as well? Now that they're literally dropping Slashdot and Sourceforge like the turds that they've become?

  8. DarkNet Marketing Extravaganza! by fustakrakich · · Score: 1

    When do they have their their white sale? On Black Friday?

    --
    “He’s not deformed, he’s just drunk!”
  9. How is this any different from advertising? by Anonymous Coward · · Score: 0

    Same thing, different information gathering method (you give the advertisers that information, natch).

  10. Sounds pretty organized by tompaulco · · Score: 1

    This sounds like an organized, well thought out network. It's a shame that they are only getting $20 a pop. If they were to use their powers for Good instead of Evil, they could probably be making many times more money.
    The thing that pisses me off about theft is that the thief only gets away with $5, but the damage they cause is $500. When they steal 40 cents worth of copper from your AC, you now have to buy a new $5,000 AC. When they steal your identity for $20, they ruin your credit for the rest of your life and reduce you to begging on the street. I guess you could steal, too, in order to get by, but most people's ethics wouldn't allow them to do that, even if they are destitute. Human beings don't steal.

    --
    If you are not allowed to question your government then the government has answered your question.
    1. Re:Sounds pretty organized by xenotransplant · · Score: 0

      Indeed. The mind is a horrible thing to taste.

    2. Re:Sounds pretty organized by liquid_schwartz · · Score: 1

      I always wish people like this were hunted down with the same zeal as terrorists. Black ops on identity thieves is something I could really rally behind :-)

  11. I think mine fetches far more than that by Anonymous Coward · · Score: 0

    I'm famous.

  12. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  13. Let's see by Anonymous Coward · · Score: 0

    Quarter million in student loan debt? Go right ahead and take my identity, we can switch.

  14. Not much... by MagickalMyst · · Score: 1

    Compared to the cost of your organs on the black market.

    --
    Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
  15. can I sell my own identity? by Khashishi · · Score: 1

    I could use $20. Hey, it's not stolen if I sell it myself, right?

    1. Re:can I sell my own identity? by Anonymous Coward · · Score: 0

      If you do, then it's worth even less. It means your credit rating sucks and earning potential is at the bottom.

  16. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  17. Who's identity *isn't* for sale by jcadam · · Score: 1

    Considering how many times my identity has been "compromised" by organizations I've entrusted with my PII (Insurance companies, banks, and several different government agencies), I don't know why I even bother trying to maintain a credit rating at all.

    I'm sure I've been bought and sold a dozen times by now. My kids probably have a few defaulted mortgages on their records that they'll get to discover when they apply for student loans in 10 years or so.

  18. ID theft is the fault of lenders, credit bureaus by PeterM+from+Berkeley · · Score: 2

    Your zeal is misplaced. ID theft wouldn't be an issue if LENDERS WERE NOT LAZY ASSHOLES.

        Why should YOU be on the hook for clearing yourself if some LENDER lends "you" money, without actually bothering to really find out it is YOU, and then goes after YOU when it was "you" who actually got the money.

        Seems like the lender didn't do due diligence to me! Same thing with credit bureaus, they accept gossip about YOU and repeat it when it was "you", not YOU who actually did the actions.

        And somehow YOU are the victim?

        Legislation needs to be issued forthwith forbidding ANY lender from putting ANYTHING derogatory in your credit report unless they can PROVE whatever they have a problem with was done by you and no one else. Also, lenders should NOT be able to attempt to collect from a person unless they can prove that self-same person is the person they gave their money to.

    ID theft would largely be a thing of the past.

    --PM