Your Stolen Identity Goes For $20 On the Internet Black Market

HughPickens.com writes: Keith Collins writes at Quartz that the going rate for a stolen identity is about twenty bucks on the internet black market. Collins analyzed hundreds of listings for a full set of someone's personal information—identification number, address, birthdate, etc., known as "fullz" that were put up for sale over the past year, using data collected by Grams, a search engine for the dark web. The listings ranged in price from less than $1 to about $450, converted from bitcoin. The median price for someone's identity was $21.35. The most expensive fullz came from a vendor called "OsamaBinFraudin," and listed a premium identity with a high credit score for $454.05. Listings on the lower end were typically less glamorous and included only the basics, like the victim's name, address, social security number, perhaps a mother's maiden name. Marketplaces on the dark web, not unlike eBay, have feedback systems for vendors ("cheap and good A+"), refund policies (usually stating that refunds are not allowed), and even well-labeled sections. "There is no shortage of hackers willing to do about anything, computer related, for money," writes Elizabeth Clarke. "and they are continually finding ways to monetize personal and business data."

My mother's maiden name is Hero

[Anonymous Coward]

Sadly, I married and took the last name Coward.

Re:

[FatdogHaiku]

Sadly, I married and took the last name Coward.

Although you lost a shot at TV fame (twice)... you'll always be well known here at /.

So, how much to buy a better life?

[NotDrWho]

My current identity sucks ass.

Re:So, how much to buy a better life?

[Demonoid-Penguin]

My current identity sucks ass.

So? Stop whining, scrape up $20 and buy a better one.

$100 will get you one with 500 Fffacebook friends and 1000 Twitter followers.

$1000 will get you one with no Ffffacebook friends or Twitter followers.

For $5 you could be Depak Chopra.

How many LifeLock employees?

[xxxJonBoyxxx]

It makes you wonder how many of these "hackers" are just LifeLock employees or other people in trusted positions who just took the data home with them?

(I remember my first job in healthcare. At 19 - pre-HIPAA - I used to browse the medical records of friends, family and famous people on the hospital network when I was bored and alone at work, and it occurred to me once how easy it would be to just save the "best" ones to a floppy each night.)

Re:

[bobbied]

These days if you tried that they'd be hauling your butt off to jail. This HIPPA thing make this a serious liability and hospitals and doctors have got nuts about it, so much that I cannot even make a doctor's appointment for my wife anymore, unless she's signed their form that says I can....

Re:

[tompaulco]

These days if you tried that they'd be hauling your butt off to jail. This HIPPA thing make this a serious liability and hospitals and doctors have got nuts about it, so much that I cannot even make a doctor's appointment for my wife anymore, unless she's signed their form that says I can....

Yes. Same here, and my wife speaks English pretty well, but she is sensitive about her English and always wants me to talk to the doctors. What pisses me off is that the patients and the low level peons have to obey every jot and tittle of the HIPAA code, while you can hear doctors casually discussing cases and identifying information with one another. Also, in the massively overcrowded hospitals with multiple patients in a room, they don't bother to get all of the other patients and patients families out

Re:How many LifeLock employees?

[xxxJonBoyxxx]

>> you're now on record for doing one of the most unethical things imaginable?

Our last three presidents collectively admitted to smoking pot, using cocaine, driving drunk, sleeping around, eating dog and more. Career-wise, I'll be fine.

I'd expect that it's the teenagers who are currently making racist comments on their Facebook feeds that can expect a lifetime of career-aborting revelations.

Re:

[alexhs]

Our last three presidents collectively admitted to smoking pot, using cocaine, driving drunk, sleeping around, eating dog and more. Career-wise, I'll be fine.

I expected a mention about causing the death of thousands of people abroad, but apparently there's nothing worse than intoxicating oneself, having sex between consenting adults, and not being a vegetarian.

Re:

[tompaulco]

I expected a mention about causing the death of thousands of people abroad, but apparently there's nothing worse than intoxicating oneself, having sex between consenting adults, and not being a vegetarian.

It's not like they directly caused them, or even had a desire to cause them. If nobody had blown up the Twin Towers, this all could have been avoided.

Re:

[xxxJonBoyxxx]

>> causing the death of thousands of people abroad

If my background check showed that, I think I'd understand why I was not being hired. :) Stay with the thread (i.e., people get over minor offenses and cultural missteps - even ill-considered tattoos - all the time) and you'll be okay.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:How many LifeLock employees?

[xxxJonBoyxxx]

>> It wasn't unethical when he did it.

Disagree. It was unethical when I did it. It may not have been illegal yet, and our hospital system (privacy clueless in the era before HIPAA) never told the folks in IT NOT to pry around the databases, medical records or stacks of bills we produced, but poking around people's personal business was still was an unethical invasion of privacy. Fortunately, I've "grown ethics" in the 20-odd years since I was a teenager, and there are better legal and technical deterrents and preventatives to this type of thing now.

Re:

[phantomfive]

there are better legal and technical deterrents and preventatives to this type of thing now.

Apparently not at the NSA [arstechnica.com].

Re:

[painandgreed]

Disagree. It was unethical when I did it. It may not have been illegal yet, and our hospital system (privacy clueless in the era before HIPAA) never told the folks in IT NOT to pry around the databases, medical records or stacks of bills we produced, but poking around people's personal business was still was an unethical invasion of privacy. Fortunately, I've "grown ethics" in the 20-odd years since I was a teenager, and there are better legal and technical deterrents and preventatives to this type of thing now.

Well, you do not grow "ethics", the are provided to you by the policies you work or otherwise act under. "Ethics" are following those rules as provided to you when you agree to work for somebody. Legalities are according to the law and are separate from ethics. Morals are your own personal code whether you adopt one that is provided to you by something like a religion or philosophy or not. If you personally disagree with what you did, it would have been immoral. If it was against your work policies at the t

Re:How many LifeLock employees?

[Anonymous Coward]

I used to work for a large card processor back in the 90's. Our call centers were staffed with temp employees as CSA's, which provided a way for gangs to infiltrate the company so that they could get customer personal info, purchase history and lots of other financial info. I remember one time while working on the call center floor when some men from the company's security division along with six cops rounded up 5 members of one of these gangs and hauled them off in hand cuffs. Given how porous that networks have been during the last 10-15 years I doubt they even bother trying to get people on the inside anymore.

Re:

[Anonymous Coward]

I find it funny that the same people don't ask the same questions about groups like Anonymous.

They're not magic, they don't have superpowers...they don't even have tools that aren't available to the general public, yet they seem to have an inordinate amount of success at getting to their targets. How? Easy, they use the same tactics that terrorists use. They appeal to one's morality and sense of social justice, convince people in positions of power that they're fighting the same enemy and for a common cause

Re:Are there lists?

[xxxJonBoyxxx]

>> Are there lists of compromised identities? I'd like to see if I'm on it.

Sure, just post your name, social security number, credit card number and PIN here and we'll look it up.

Re:

[LessThanObvious]

Well... if a stranger is willing to pay $20 for my record, I'd pay $80 to remove it from circulation.

Re:

[Nidi62]

Sure. Just post for us your name, address, social security number, and credit card numbers (with security codes), so that we can see if any of your information is on the list. We also offer password protection analysis: post your account names and passwords and tell us what websites they are used for and we can tell you how vulnerable your accounts are to hacking.

Re:

[Anonymous Coward]

Unfortunately such a list would be woefully incomplete. Think forum posts thousands long uncached and hidden away in the darker places of the internet. And remember, these people are making a living off your information. Each identity is closely guarded by criminals far better than the original defenders until somebody pays up.

Joke's on You!

[seven of five]

I have $10 in my account....

Re:

[Jamu]

Maybe you could buy slashdot.

Re:

[PopeRatzo]

I have $10 in my account....

Yeah. Somebody steals my identity, they're in for a big surprise.

Re:

[Anonymous Coward]

Someone can still run up $50,000 debt in your name. This is no joke.

Re:Joke's on You!

[CimmerianX]

Yours must be one of the accounts that goes for $1.40.

Re:

[account_deleted]

Comment removed based on user account deletion

DarkNet Marketing Extravaganza!

[fustakrakich]

When do they have their their white sale? On Black Friday?

Sounds pretty organized

[tompaulco]

This sounds like an organized, well thought out network. It's a shame that they are only getting $20 a pop. If they were to use their powers for Good instead of Evil, they could probably be making many times more money.
The thing that pisses me off about theft is that the thief only gets away with $5, but the damage they cause is $500. When they steal 40 cents worth of copper from your AC, you now have to buy a new $5,000 AC. When they steal your identity for $20, they ruin your credit for the rest of your

Re:

[liquid_schwartz]

I always wish people like this were hunted down with the same zeal as terrorists. Black ops on identity thieves is something I could really rally behind :-)

ID theft is the fault of lenders, credit bureaus

[PeterM from Berkeley]

Your zeal is misplaced. ID theft wouldn't be an issue if LENDERS WERE NOT LAZY ASSHOLES.

Why should YOU be on the hook for clearing yourself if some LENDER lends "you" money, without actually bothering to really find out it is YOU, and then goes after YOU when it was "you" who actually got the money.

Seems like the lender didn't do due diligence to me! Same thing with credit bureaus, they accept gossip about YOU and repeat it when it was "you", not YOU who actually did the ac

Not much...

[MagickalMyst]

Compared to the cost of your organs [gizmodo.com] on the black market.

can I sell my own identity?

[Khashishi]

I could use $20. Hey, it's not stolen if I sell it myself, right?

Who's identity *isn't* for sale

[jcadam]

Considering how many times my identity has been "compromised" by organizations I've entrusted with my PII (Insurance companies, banks, and several different government agencies), I don't know why I even bother trying to maintain a credit rating at all.

I'm sure I've been bought and sold a dozen times by now. My kids probably have a few defaulted mortgages on their records that they'll get to discover when they apply for student loans in 10 years or so.