Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:00 AM
Itay Glick
Itay Glick
Connect Directly
E-Mail vvv

Darknet: Where Your Stolen Identity Goes to Live

Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves.

How much is a human life worth? If you ask folks on the Darknet, the answer could be as little as a nickel—when ordered in bulk, that is. Orders for identities in packages of up to 100 could cost as much as 25¢ apiece. A merchant with a store on AlphaBay Market has been advertising a “USA Personal Info” kit that consists of names, addresses, phone numbers, Social Security numbers, bank account information, and so on, and is “guaranteed fresh!”

The merchant’s 3,800 buyers agree. “Thanks for the $^$#&$ price,” says one satisfied customer, with others calling the data dump “awesome,” “legit information,” and “A+.” To be fair, one customer was not entirely satisfied: “Request more FL listings,” but otherwise, the customer commented, “Everything is perfect.”

If you're in the market for stolen identities, you can find all you want on AlphaBay, one of the premier marketplaces on the Darknet. The market is just a few clicks away—all you need to get there is the Tor browser. In the past, people used Tor mainly to access Internet sites without being monitored by Internet service providers or, worse, by governments. In places like Iran and China, where the government tries to limit Internet access, Tor enables residents to access forbidden sites such as Facebook. But Tor is also used to access Darknet markets, where all manner of illicit goods and services are bought and sold.

After installing Tor, you’ll see that connecting with sellers like Zloy3 in the Darknet is fast, simple, and secure. But secure is the one thing you can't say about identities. They are the gift that keeps on giving. Whereas hacked credit cards tend to be good for a single use at most, because the bank or victim usually catches on fairly quickly, stolen identities can be used multiple times in multiple ways.

In addition, victims may not even learn that their identity has been stolen until major damage has been done to their finances, reputation, and credit rating. The task of notifying the various authorities that one’s identification documents are being used illegally takes additional time and much effort; in the meantime, the criminals are exploiting the victim’s identity in as many ways as possible. A fake application for a credit card doesn't affect the victim, but racking up charges with a credit card number that the victim doesn't even know exists is a different matter altogether, providing a much better return on investment for cybercrooks.

How to be an identity thief
While almost everything is available on the Darknet—drugs, weapons, and child pornography, for example—it excels as an educational channel for beginning identity thieves, offering resources and tools that almost guarantee success. The easiest route for a cybercriminal, of course, is to buy identity information from one of the thousands of peddlers in the Darknet marketplace, but that method requires a measure of trust; you have to have faith that the cybercrook who stole all the data will be honest enough not to cheat you. Understandably, many cybercrooks prefer to do identity “shopping” on their own, gathering information from databases to ensure the authenticity of the product. The Darknet is there to help them.

One of the most common methods of stealing identities begins with spearphishing email messages. Once a hacker has carried out a successful attack, everything within the organization’s network, including identity information, is accessible. For example, some 8 million people had their passport numbers and other valuable information stolen by cybercriminals who managed to penetrate one of Japan's biggest travel agencies, JTB Corp. The breach was apparently initiated when a JTB employee opened an attachment to a spearphishing email message purporting to contain travel information. The attachment was a Microsoft Word document with an embedded zero-day exploit that opened the door to the company’s network and databases.

Hackers who are preparing spearphishing attacks can also find useful ideas in one of the many social-engineering guides that are available on the Darknet and even on Amazon.com, with prices as low as $4 on the Darknet.

The point of stealing all that data, of course, is to make money from it, and the Darknet tells you how to do that. A novice hacker would probably benefit from packages like “Easy Security for Carding, Hacking and General / 25 guides in ONE!!! 3 DAYS FOR FREE” or “Ultimate Fraud Package – 6500 items – 2016 + FREE GIFT!” The latter, says the merchant, is “a super big package containing everything you can think of—eBooks, tutorials, guides about Bitcoin, PayPal, Bank Transfers, Hacker Tutorials, Carding, Fraud, Cashout Tutorials, Anarchist Handbook.” The price of this apparently college-level identity-theft course is a mere $9.99.

According to that merchant, 5,109 copies of the Ultimate Fraud Package have been sold since November 21, 2015, and the merchant's rating page is full of accolades, such as “Very good information and instant delivery,” “Thank you for all the good stuff,” and “Frigging bad English in some of his files but overall good! Thx!”

Once a hacker has learned the tricks of the trade, it's time to expand. Hackers who want to grow their business can use the Services section on AlphaBay and other Darknet markets to find competent personnel. One hacker, for example, offers “quality thefting services, new method to avoid CO.UK police reports with high amounts.”

Unfortunately, there is little individuals can do to protect themselves from identity thieves lurking on the Darknet to do them harm. For organizations, the best strategy is to educate users, consumers and protect personal data with the latest cybersecurity solutions.

Related Content:



Itay brings to Votiro more than 15 years of executive management experience in cybersecurity at global technology companies based in the U.S., Europe, and Asia. Prior to co-founding Votiro, he played a key role in managing the development of equipment for the lawful ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/8/2018 | 5:11:00 AM
Re: On the Internet, nobody knows if you're a cop
I have been waiting for this information for a long time. Thank you very much for the great post.

Asian fanfics
fairy flavia
fairy flavia,
User Rank: Apprentice
8/15/2018 | 5:08:28 AM
informative blog

Where Your Stolen Identity Goes to Live is really an informative blog. Awesome technique keep sharing.

UK economics assignment

User Rank: Apprentice
9/21/2017 | 6:57:40 AM
Re: Identity theft
There are negative and positive attributes to Dark Net. I can find the best cheap essay writing service in it and they come very cheap when compared to the regular sites available. However, viewers discretion should be maintained and they should go to places exactly without deviating; otherwise, they would end up in a lot of trouble.
User Rank: Ninja
9/29/2016 | 10:24:46 AM
Identity theft
It is just baffling to me how our private most data gets compromised in all this fiasco surrounding these hacking activites. I always prefer to encrypt my connection and use a changed IP to avoid all kinds of hacking and scam alerts by securing my connection with purevpn as they have strict no logs policy and also offer online encryted connection. Taking security measures is the root of all the preventive easures and therefore it is therefore important to deploy all of them to secure yurself from the embarrasment of data theft. 
User Rank: Ninja
8/24/2016 | 12:53:18 PM
On the Internet, nobody knows if you're a cop
In the criminal world, the ethics of the pirate ship will always prevail, but it's a lot easier to punish those who betray you if you know who they are and where to find them.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-07
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter.
PUBLISHED: 2020-07-07
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
PUBLISHED: 2020-07-07
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
PUBLISHED: 2020-07-07
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter.
PUBLISHED: 2020-07-07
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 (July 2020).