Millions made from personal data.
Photo: HS

A close look into one dark web market.

AUSSIE DATA SOLD

A new study by cybersecurity company NordVPN has analysed one of the dark web markets that to this day has illegally sold more than 720 thousand items and data pieces for $17.3 million USD ($23.2 million AUD).

The most expensive merchandise was full identity data sets, which had an average price of $112.5 AUD. This is 8 times more than the two cheapest categories – Australian mobile numbers and emails – which had an average price of $13.4 AUD.

Among the items found were passports, personal IDs, driving licenses, email, payment card data, mobile phone numbers, online accounts, bank account logins and crypto accounts, as well as personal data.

“This one market is just the tip of an iceberg,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

“There are over 30K websites on the dark web at the moment. Keep in mind that only 4% of the entire internet belongs to the surface web that is available to any user online.”

“The market that was analysed in our case study was chosen because it was used by some big hacker groups in the past, such as the one involved in AT&T data theft in August of last year,” he said.

The study was conducted in partnership with third-party cybersecurity researchers with an aim to warn users about the possible dangers of illegal activities people take part in on the dark web.

PRICES AND TARGETS

Average prices of found Australian items and data include:

Australian full identity data sets were the most expensive among Australian merchandise found on the analysed dark web market. This kind of set usually includes name, surname, identification number, address, birth date, and other information that help criminals to perform identity theft and other crimes.

Australian passports were the fifth cheapest in the world, with an average price of $16.5 AUD. Czech, Slovakian or Lithuanian passports were the costliest (avg. price $5,104 AUD) The price depends on many factors, including how difficult it is to fake a document, how widely it is sold, and how commonly it is bought.

Similarly to other countries, Australian data that could be brute-forced or guessed is sold at much lower prices. Payment card data costs around $20 AUD and mobile phone numbers cost around $13 AUD on average.
Another easy way for hackers to steal a user’s data or digital asset is credential stuffing (when the leaked password or email is used to get access to other platforms). That is why online accounts come at a low price as well: a hacked Netflix account can be bought for $13 AUD, an Uber account for $16 AUD, and a Twitter account for as little as $2.7 AUD.

Crypto wallets and investment accounts cost more than payment processing accounts and even more than some of the bank accounts. With an average price of $530.55 AUD, the most expensive crypto account data is from Binance, followed by Kraken ($515 AUD) and Crypto.com ($470 AUD). Payment processing accounts (e.g., PayPal) have an average price of $134 AUD. The most expensive merchandise in this category is the CashApp account, costing around $328 AUD.

Some criminals also buy emails in batches and use them for phishing attacks or other malicious purposes. Researchers noticed that those emails could be put in three types: personal emails (avg. price for Australian $13.4 AUD), business emails (none Australian found; avg. price overall – $13.4 AUD), and voters’ emails (none Australian found; avg. price overall – $18.8 AUD).

Australian items:	Average price:
Payment card data	20 AUD
Mobile phone	13.4 AUD
Personal emails batch	13.4 AUD
Business emails batch	13.4 AUD
Full personal identity data set	112.5 AUD
Passport	16.5 AUD
Driving License	48 AUD

You can see the full price list of items found on the research page:
https://nordvpn.com/research-lab/dark-web-case-study/

REDUCE YOUR RISK ONLINE

“The broad scope of the data offered on these criminal markets shows the importance of taking charge of your security and privacy online. Your cybersecurity is in your hands.

“If you know the risks and equip yourself with the right tools and information, you’ll maximize your chances of keeping yourself and your family secure,” cybersecurity expert Adrianus Warmenhoven tells TOTT News.

He offers some steps as a starting point:

Make sites and services earn your trust: Hackers get lots of data by targeting the websites and services you share your data with. You can’t personally secure the servers that store your data, but you can vote with your wallet or feet. Make your data security a priority. If a site or a service asks you for sensitive data, ask tough questions about how the company secures it and what it will do if its data is breached.

Educate yourself: You can do a lot individually to protect your data. This will depend vastly on where you spend your time online, but you can be proactive and research ways to stay safe on the devices and services you use.

Stay vigilant: One side of the coin is knowing how to protect your data, and the other is knowing how to react quickly and effectively when your sensitive data is used without your permission.

Monitor your accounts: Request weekly bank statements or activate transaction notifications on your app. Turn on the security settings for all of your accounts so you know when login attempts are made from suspicious devices. Make use of tools offered by the sites or services you use (a password manager NordPass, for example, offers a password strength checker that will tell you if your password is present in any breaches).

Caution and vigilance can ensure your data is protected online.

ABOUT NORDVPN

NordVPN is the world’s most advanced VPN service provider used by over 14 million internet users worldwide. NordVPN provides double VPN encryption, malware blocking, and Onion Over VPN.

The product is very user-friendly, offers one of the best prices on the market, has over 5,000 servers in 60 countries worldwide, and is P2P-friendly. One of the key features of NordVPN is the zero-log policy.

For more information: nordvpn.com.

Methodology: The data was compiled in partnership with independent researchers specializing in cybersecurity incident research. They evaluated one marketplace on a dark web and analysed its listing data which included title, price, and country of shipment. No information that relates to an identified or identifiable individual (such as names, contact information, or other personal information) was involved in the research.

None of the listings were bought or reviewed more thoroughly than stated before to perform research. Data was received on April 1, 2022. The exchange rate from USD to AUD was 1 to 1.34 at the time of conversion (2022.04.21)