by Scott Lewis
The data black market is a demand-based economy; just like any other economy, it must have buyers and sellers. The price for this data is driven by the demand for the information. The demand for this data is so high that the data black market is a multibillion-dollar economy that is only growing and doesn’t show any signs of slowing down.
Who are these people who make up the data black market? Like any other demand-based economy, the data black market has to have some basic components to work. First off, there has to be demand, a pool of cybercriminals who want to have the data and are willing to pay for it. Then it takes a whole team of people to create the market: programmers who will develop malware, viruses and other access-gaining programs to collect the data; web designers who develop a method for distribution of the malware and/or viruses; technical experts because, just like your infrastructure, the data black market must be supported with a high-performance infrastructure as a delivery and storage methodology; and hackers who develop a marketing process through social media, email and advertisements to spread the malware through spam. Last, the distributor, that central point where all the data comes and the buyers meet sellers; these are the people who manage the cyberexchange of data for money.
Let’s take a closer look at how this data black market actually works. Just like any other market, it must be profitable, and there must be enough profit in it to make it worth the risk.
Step 1: There has to be a demand. That demand creates opportunity for cybercriminals to make a profit, so these heads of cybercriminal networks employ programmers to develop malware, spyware or viruses. These programs are specifically designed to collect data or to allow access to systems that people use in their daily lives, such as banking sites, online commerce, business networks and medical records.
Step 2: You have to have a delivery and collection method. Hackers and scammers use spamming, social media and phishing attacks in order to get unsuspecting web users to execute the program and provide system access. These tend to be very sophisticated programs that are designed to elude antivirus programs and web filters. Based on the human factor and our addiction to social media, web browsing and the huge increase of web-based applications, system security must be a high priority.
Step 3: Just like legal businesses that promote their goods and services, so does the data black market. Once your system and data have been compromised, the sellers of stolen data provide warranties, discounts for volume purchases, and demonstrations of goods and promotional discounts with coupons. These promotions are a coordinated effort through underground chat rooms and forums, along with social media outlets.
Step 4: The sales process on the data black market is very similar to any traditional sales process:
• Buyer makes contact with seller through a chat room, online forum or generic email address.
• The deal is negotiated, and a price is set and accepted.
• Payment methodology, such as PayPal or Western Union, is set.
• Determine a support and customer service transaction methodology; in the event that the product is not acceptable, there is a process of how to re-create a new transaction.
Step 5: Follow the money! Some of these situations can create huge financial transactions that will require the money to basically be laundered to ensure that the cybercriminals are not being tracked. They will do this process through legal business entities or through a process of cybermules and fake job offers. Basically, they get people to accept commissions in order to make deposits and withdrawals through legal business accounts or through personal accounts.
The data black market is huge, and the demand for data and information is extremely high and growing. Regardless of the type of data, there is a demand for it. Everything from credit cards to personal information, medical records and bank account information is online now and someone wants it! The basic rules still apply: Don’t open emails for which you don’t know the sender; don’t respond to emails asking you to verify your account information or log-in information. It is a scam. Make sure websites that are doing financial transactions are secured with that little lock in the URL line. Data theft is an opportunistic crime; it relies on businesses and individuals that let their guards down by not upgrading their systems, not checking and testing their systems, and not accounting for the human factor – that clicking on the cute doggie picture … we just can’t help ourselves. It takes only a second, and it is the simplest mistakes that create that opportunity for you or your business to become a victim.
Scott Lewis is the president and CEO of Winning Technologies Group of Companies, an international technology management company. Scott has more than 30 years of experience in the technology industry and is a nationally recognized speaker on technology subjects such as colocation, security, CIO-level management, data and voice communications, and best practices related to the management of technology resources. Learn more about Winning Technologies at www.winningtech.com or call 877-379-8279.
Submitted 8 years 61 days ago