It's common to hear about large data breeches, but what happens to your data when it's stolen? Like most legal commodities, stolen data products flow through a supply chain consisting of producers, distributors, and consumers. Multiple criminal organizations are connected in the supply chain.
Producers arehackers who exploit vulnerable systems and steal sensitive information such as credit card numbers, bank account information, and Social Security numbers The data is sold by distributors and wholesalers. The data is purchased by consumers who use it to commit various forms of fraud.
Darknet markets are websites that look like e-commerce websites but are only accessible using special browsers.
Thousands of vendors sell stolen data products on the darknet. Over the course of eight months, these vendors had more than 140 million dollars in revenue.
Darknet markets provide a way for vendors to connect with potential buyers. Darknet markets are often used to sell illegal products. It's important to note that access to darknet markets requires the use of special software, which provides security and anonymity.
The first darknet market was created by Silk Road. Ross Ulbricht was sentenced to two life sentences plus 40 years without the possibility of parole after the market was seized. The intended deterrent effect was not apparent when Ulbricht was sentenced to prison. In doing so, multiple markets filled the void and created a thriving market for stolen personal data.
| Key stats from individual darknet stolen data marketplaces | ||||
|---|---|---|---|---|
| Market | Vendors | Listings | Sales | Revenue |
| Agartha | 302 | 16,296 | 237,512 | $91,582,216.00 |
| Amazin | 6 | 43 | - | - |
| Apollon | 650 | 9,885 | 238 | $3,703.00 |
| Asean/ASAP | 59 | 2,921 | 0 | 0 |
| Aurora | 71 | 2,913 | 128,561 | $3,003,846.00 |
| Babylon | 14 | 55 | - | - |
| CanadaHQ | 125 | 2,886 | 4,271 | $241,656.00 |
| Cartel | 44 | 487 | 61,604 | $31,280,508.00 |
| Corona | 95 | 2,979 | 19,149 | $1,553,850.00 |
| Cypher | 56 | 2,472 | 123 | $20,009.00 |
| Dark | 248 | 8,679 | 19,783 | $571,512.00 |
| Dark0de | 52 | 487 | - | - |
| DarkBay/Lime | 101 | 10,004 | 72 | $60,076.00 |
| Darkfox | 159 | 2,040 | 15,929 | $74,057.00 |
| DeepMart | 23 | 218 | 37,095 | $9,156,025.00 |
| DeepSea | 141 | 4,437 | 11,905 | $116,962.00 |
| Elite | 52 | 691 | 22,079 | $147,245.00 |
| Icarus | 88 | 557 | - | - |
| Liberty | 19 | 189 | - | - |
| Neptune | 160 | 6,507 | 1,140 | $23,696.00 |
| Royal | 13 | 54 | 0 | 0 |
| Silk Road* | 28 | 38 | 490 | $15,053.00 |
| Tor2Door | 52 | 1,908 | 207 | $1,796.00 |
| Torrez | 85 | 1,707 | 5,189 | $145,198.00 |
| Versus | 99 | 3,959 | 6,532 | $125,363.00 |
| ViceCity | 101 | 1,776 | 3,150 | $57,018.00 |
| WhiteHouse | 306 | 11,184 | 56,950 | $2,146,730.00 |
| World | 24 | 749 | 223 | $3,280.00 |
| Yakuza | 48 | 411 | 5 | $8,200.00 |
| YellowBrick | 39 | 140 | - | - |
| Data source: Christian Jordan Howell |
We conducted the largest systematic examination of stolen data markets that we are aware of in order to better understand the size and scope of this illegal online market. We identified 30 darknet markets that advertised stolen data.
We extract information about stolen data products from the markets on a weekly basis for eight months. The number of vendors selling stolen data products, the number of stolen data products advertised, the number of products sold, and the amount of revenue generated were all determined.
There were 2,158 vendors who advertised on the 30 marketplaces. There were not equal distribution of vendors and product listings. There were 3,222 product listings related to stolen data products. There is a lot of variation in the markets. The marketplaces generated over $5 million in revenue.
Each market was analyzed individually after we assessed the aggregate characteristics. Most of the stolen data products were sold in a few markets. Apollon, WhiteHouse, and Agartha were the largest markets. The total number of sales and the number of listings ranged from zero to 237,512. For the most successful market, Agartha, the total revenue ranged from $0 to $91,582,206.
Most companies in the US make between $10 million and $1 billion a year. We tracked the revenue earned by Agartha and Cartel over the course of 35 weeks to see if they were categorized as a mid-sized company. If given a full year to earn, the markets of Aurora, DeepMart, and WhiteHouse were on track to reach the revenue of a small company.
The underground economy and supply chain are detailed in our research. There are likely to be marketplaces for stolen data.
AdvertisementDarknet markets are difficult to disrupt directly, but efforts to prevent customers of stolen data from using it offer some hope. Artificial intelligence can give law enforcement agencies, financial institutions, and others information to prevent stolen data from being used to commit fraud. The underground economy that makes money from your personal data could be disrupted.
David Maimon is professor of criminal justice and criminology at Georgia State University.
Under a Creative Commons license, this article is re-posted. The original article is worth a read.
All Rights Reserved © 2024
