$820 nice, Where can I sell my ID?
Your entire ID is worth £820 to crooks on dark web black market
Fraudsters operating on the dark web could buy a person's entire identity ("fullz" in the cybercrook lingo) for just £820. Bank account details, Airbnb profiles and even Match.com logins are worth money to bidders that reside on the murkier side of the internet, a study by virtual private network comparison site Top10VPN.com …
COMMENTS
-
-
Thursday 8th March 2018 15:06 GMT Hans Neeson-Bumpsadese
More importantly how much are myspace logins worth?
The fact that someone has an active MySpace login could be of some value to a crim. Knowing how much a mark does or doesn't embrace technology/trends could be a clue to what else you could harvest for them, how likely they are to spot ID theft straight away, etc.
Compare with the spelling/grammar errors in Nigerian scammer letters. Most people will spot these as evidence that the proposal is fake. Those who are a little more hard of thinking won't...and so may be easier to pull into the scam.
-
-
Friday 9th March 2018 09:25 GMT Anonymous Coward
> Hey I still log into my space account once a year. I use that for when board and customs ask to see my Farcebook page. No will belive that you don't have one
Possibly because those of us who have the self-respect not to have one also have the self-respect to refuse travel to oppressive regimes, so their minions at ports of entry do not often get exposed to our kind.
-
-
-
Friday 9th March 2018 09:17 GMT Anonymous Coward
Forget MySpace
> More importantly how much are myspace logins worth?
On a semi-serious topic, how many here remember theglobe.com?
That was the first attempt at inventing social media that got widespread public attention, in '99 or so. The guys behind it were on the headlines of every newspaper in the world when the company IPOed. Sadly for them, that was just weeks before the .com bubble burst so now they are complete and utter history.
At least MySpace leaves on in the collective consciousness, if only as the subject of jokes.
-
-
This post has been deleted by its author
-
-
Friday 9th March 2018 09:34 GMT Anonymous Coward
Re: How Are They Obtained....
> Employers like to see / photocopy your passport.
In the UK, you may want to add. Where I mostly live that's not the case (I am an employer).
In the very infrequent cases when you are requested to provide a copy of a form of ID, all personal details apart from name (but including photograph) are blacked out in your presence. Which I found rather impressive.
I do not recall even providing a copy of a form of ID to a government agency (as opposed to proving my identity by showing one, that's very common). I doubt that's even possible since the law explicitly bars the possibility of authenticating a copy of an ID, it's either originals or nothing.
-
Thursday 8th March 2018 16:51 GMT Hans Neeson-Bumpsadese
Re: How Are They Obtained....
It can be easier for the criminal to find someone on the inside of the security barrier who will obtain the information on their behalf in return for a cash reward. Saves the effort of figuring out how to break through the layers of security, and distances them to a degree from the actual theft.
Given the level of wages in public sector and call centres, I would expect that the financial incentive could be tempting for some.
-
This post has been deleted by its author
-
-
-
This post has been deleted by its author
-
Thursday 8th March 2018 20:02 GMT heyrick
Re: How Are They Obtained....
"any copies of passports are stored in online systems ?"
My passport is my ID in France. Numerous times the numbers are typed into a computer system (social security, bank, telephone contract) in addition to taking an electronic photocopy (it's a photocopy machine but no paper comes out so I presume it's set to email documents somewhere). I think quite often it is similar software involved as the typed information is always thrown at "IPA" as the issuer. I have no idea where that is (it was all done by post) so I tell everybody "Cardiff" because where my last passport was issued from, and they're all happy with that.
So, yeah... Do you want some sort of database with names, addresses, and ID numbers or would you rather have a bunch of emails (JPEGs on a NAS?) with full colour scans of the documents? Your choice, but it's all going electronic these days...
-
-
-
This post has been deleted by its author
-
-
Thursday 8th March 2018 17:46 GMT Anonymous Coward
Re: El Reg login ?
I would value it at around £2, considering it merely contains public posts. However being able to view posts someone clicked as "Post anonymously" as their real identity would be an interesting target. That's where the value sits and why it reaches a whopping total of £2.
Which is why you should never click "post anonymously". It makes your account more valuable. It's really not worth the risk to be honest.
-
-
Thursday 8th March 2018 17:46 GMT Robert Carnegie
Doubtful
Not everyone's details are equally hacked and equally available at that price. I would suppose that for instance Theresa May's or David Beckham's identity is more difficult to get hold of - although maybe you'll tell me that they've been hacked already. Or that I am about to be - an expensive for you, more so for me, way to make a point though. Still, I think the prices stated are for ordinary people with a reasonably good reputation whose credentials happen to be available to be abused. Most people's aren't.
Also, pick good random-letter passwords, and don't ever open disreputable web sites. Yes, I'm writing this on The Register :-)
-
Thursday 8th March 2018 18:14 GMT Anonymous Coward
"a person's entire identity ("fullz" in the cybercrook lingo) for just £820."
Time to start manufacturing huge quantities of apparently-real but actually-fake pseudo-people to sell to the crooks. I'll have to automate the process. Standby for human population that's actively on-line to double over night.
I'm. Gonna. Be. Rich...
-
Thursday 8th March 2018 18:44 GMT Graham Cobb
What are these guys selling?
Our research is a stark reminder of just how easy it is to get hold of personal info on the dark web and the sheer variety of routes that fraudsters can take to get hold of your money.
No, it isn't a reminder of either of these things.
There is no evidence shown that the personal info is actually valid, and is for someone who is a valuable catch. And the quantity of information available is tiny compared to the population. The real killer is the apparently very low prices: if buying someone's ID would allow me to "get hold of their money" I would presumably be willing to pay more than a few pounds for it.
What it is a reminder of is how relatively useless personal info on the dark web is and how effective fraud protections are.
So what are these people trying to sell with this scare story?
-
Thursday 8th March 2018 19:41 GMT Pen-y-gors
This starts to makes sense...
Lately I've had several attempted fraud e-mails - addressed to 'accounts' from a company director instructing immediate fastpay transfer of £9926 to Jane Edwards ac/ no ...blah...invoice to follow etc.
Some of them are quite convincing, and I am pretty sure the bank details are genuine hacked accounts - as available for £168 on the darkwebs. Setting up a new a/c is too much hard work. and £168 isn't a lot if you can net several times £9K (they're all under £10K)
These are a step on from phishing and Nigerian scams. They are direct attempts at fraud, and involve a bank a/c that has been hacked (and presumably emptied).
Obvious thing to do is report to local fuzz. I did. Got a call back fairly promptly. Basically, nothing to do with us, report it to 'ActionFraud' who handle these things. I enquired whether they had contacted the bank about the compromised a/c. No, report it to ActionFraud.
Okay, so contact ActionFraud. Will they immediately contact the bank? No, we just record details and pass on to City police who may use the info if they can be arsed. So, no contact bank to warn them about compromised a/c? No, we will pass the details on.
Tried to report problem to bank. They have no mechanism for third parties to report account hacking fraud, you can only report your own a/c.
What the feck is going on here? This isn't "Can I give you TEN MILLION DOLLARS " emails - it is a theft in progress. If I saw a bloke put a brick through a jeweler's window and he was standing in the shop helping himself, would the plods say "We'll take a note of the details"? (Actually, don't answer that one)
In this case, all of them are using spoofed 'Reply To' addresses which go to myco-name.com-8.eu (or com-2 or com-v) so shouldn't be too tricky to trace the domain registrations, no? After two weeks they're still coming in so the fuzz have done SFA to block the registrations.
I despair. Who do we complain to? PCCs?
-
-
This post has been deleted by its author
-
Friday 9th March 2018 09:46 GMT Anonymous Coward
Re: This starts to makes sense...
> Make a big fuss on Twitter
For which you would have to, ironically, rent a bunch of "followers" who will "trend" and "repost" and whatnot your denunciation.
The other poster may wish to try emailing The Register's newsroom though, and that of a few other publications usually running these sort of stories (The Grau?)
-
-
Thursday 8th March 2018 21:21 GMT Phil Endecott
Re: This starts to makes sense...
> They have no mechanism for third parties to report account hacking
> fraud, you can only report your own a/c.
It might actually be possible to phone your own bank. Tell them that you weren't taken in by the fraud but you want to report the account number anyway. Banks DO have methods to report this to other banks. Yours might invoke that without you having made a transfer. Or they might not.
-
Friday 9th March 2018 03:47 GMT ThatOne
Re: This starts to makes sense...
> it is a theft in progress
So what? The plods won't make any money spending time on it (besides the chances to catch the perpetrators are admittedly rather small), the bank doesn't care because it's not their money anyway and they'd only lose money trying to solve this, so nobody will do anything unless they are really forced to (by law or scandal).
Being the ones in charge for that kind of problem does not mean they are meant to find a solution. It only means they are supposed to be the ones to hear about it (and maybe in the end give you a paper stating they did so).
-
-
This post has been deleted by its author
-
Thursday 8th March 2018 23:02 GMT Anonymous Coward
Hollywood keeps making optimistic / pollyannic Star-Wars / Star-Trek sequels
But I fear we're on a much darker path towards Blakes-7 reality... The slow inevitable trench to Cloud-everything, the reluctant succumbing to government ID-cards and biometrics, large-scale hacks like Equifux, and the Facebook/Google industrial slurp complex... All of this can only lead to a far-darker consequences for ID theft... Even if ID spoofing / fraud is fixed magically overnight with some unexpected innovative solution, we needed it yesterday as the 'data' Genie-Bottle is already firmly toast!
Plus, the big tech oligarchs have such unhealthy ambitions over our lives and behavioral data, that its hard to keep enthusiasm. Follow big tech talking to investors in conference calls or read what ex-FB-executives say, and its not pretty! At the risk of using a polarizing word, its a little totalitarian.
Google-Facebook want to connect every cent of physical real-world data to digital profile activity, with them in the middle. So every time you look up a flight or buy health insurance, or choose a school for your kids, they have trading data to create individual custom pricing and t&c, right into your news feed etc. Transparency / fairness / openness? That's not the goal here...
Anyone look forward to the day that you search for a local bar with pizza and Google/FB sells that info to health and car insurers the next time you need a quote. That's the goal... Are regulators going to stop that: Irish-DPC? It paints a dystopian picture of a world that individuals have little control over...
GDPR will bring some new protections, but the EU is just not moving fast enough. Politicians / legislators / media apart from El-Reg, just don't get it! In parts of the world right now, its absolute Wild West unaccountability.
-
-
Friday 9th March 2018 09:54 GMT Anonymous Coward
Re: Will 'the Elite' help? They're part of the problem:
> https://www.bloomberg.com/news/features/2018-03-01/britain-s-white-collar-cops-are-getting-too-good-at-their-job
That's a rather, how shall we say, "explicit" article. And yes, I think we can all remember vivid examples of the "frustrations and worries and concerns" that Mr Cameron referred to. Such as every time there is an arms sale to Saudi Arabia (or pretty much everyone else).
-
-
-
Friday 9th March 2018 07:32 GMT Anonymous Coward
I'm not a number
Not only am I just a number I'm seen as just a very small number.
With the way everyone tries to get hold of my details via slurping and stealing you would have thought it was worth a good bit more than that.
It's not as if products are designed and then someone sees an opportunity to use the product to slurp, its the other way around, they see a need to slurp and then design a product that can entice you to use it for the purpose of slurping.
Slurped data is then so valuable that companies even design software and hardware to store it, manage it and pay staff to make adverts based upon it.
...just surprised I'm only worth 820 when so much effort goes into getting the stuff off me.