The hard truth is that identity data is the new gold—and criminal panhandlers are mining it for sale and distribution on the Dark Web.
Indeed, the internet provides ways for big data leaks to result in disastrous leaks of huge databases of personal information, resulting in detailed profiles of individuals—based on their internet behaviors, including social media activities, online shopping, financial transactions and more—being sold for nefarious purposes.
It’s all about identity theft. What does it mean for digital citizens like us? And what can we do about it?
The Mining of Identity Data
In 2019, data of all kinds is being criminally mined on the internet, but the theft and sale of identity data in particular is rising dramatically. How is this possible? In today’s highly-connected society, we’re constantly being asked to provide personal information to retailers, surveys, medical professionals, and other data collection efforts. We constantly disclose our name, address, social security number, health status, purchasing history, credit card numbers, and more. Anytime there’s a leak in an online database holding such data, by accident or malicious hacker intent, cybercriminals pounce on it to mine it for the identity gold.
“Identity theft and identity fraud…refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data…,” says the US Department of Justice, Criminal Division, in its Fraud Section report, reminding us what it’s all about. Data leaksare the goldmine for this kind of theft.
One of the more recent leaks collected, packaged and sold about 26 Million new accounts on the Dark Web by hacking several websites, including online shopping, career and learning platforms. A longer list of leaks—see The 18 Biggest Data Leaks of the 21st Century, as well as Wikipedia’s List of Data Leaks—reveals how chronic it’s become. Because our personal data is often stored on internet sites, many of which are crucial to our way of life, we forget that simply registering and providing personal details can lead to more precise and accurate description of our location, our healthcare information, and even information indicated on our government-issued IDs. And its sale on the Dark Web is a very bad outcome.
The Dark Web (or Darknet) refers to that part of the internet that hides your identity and location when you’re on it. Dark Web websites are accessible only through Tor (the “Onion Routing”” browser) and through I2P (the Invisible Internet Project””). Historically, one of the reasons for the creation of the Dark Web was to provide US Navy intelligence officers a means to maneuver on the internet without being recognized or traced. The Tor network achieves anonymity by bouncing the request through a large number of intermediate servers and employing a layered encryption system on the identification of the source IP where the search originated so that no one knows where the request for a webpage or site ultimately comes from. I2P specializes in allowing the anonymous hosting of websites, so the target IP address is unknown to the searcher.
In short, browsing the Dark Web allows you to anonymously access “anonymized” websites, not all of which are bad, but also many sites that are, collectively known as Darknet markets. The former category includes SecureDrop, which lets news organizations receive anonymous submissions. The latter category included Silkroad 1.0, which was launched in February of 2011; and 2.0, which was finally shut down in November of 2014 by the FBI. The Dark Web or Darknet is still a channel for all kinds of illegal activities, including a place for radical extremists to spread propaganda—and remains a region on the internet for the sale of illegally gotten identity data.
Protecting Your Identity
Although data protection laws state that any personal data set that’s stored online has to be stripped of identifiers such as name and social security, true compliance is difficult to maintain or enforce—so each one of us has the ultimate responsibility to protect our data to stay safe online. Here are some practical steps you can take to help protect your identity:
Accounts and Usernames: Think carefully when choosing your username for your online accounts and email addresses. Choose something that does not closely identify with your full name or other personal information.
Passwords: If you use several internet services, social media accounts, and email addresses, you’ll need a lot of passwords. Tempting as it is, avoid using the same password for all your accounts. Use a unique password for each account, one that you can remember, but that’s not easy to guess. We highly recommend using Trend Micro Password Manager to generate strong passwords, to keep them safe, and to change them frequently. Banking apps and other payment system apps also utilize two-factor authentication, which you should take advantage of for more secure transactions and purchases.
Privacy: Keep your personal information private online and enable strong privacy controls on your social media accounts.
Protect your devices: Don’t leave your mobile devices and laptops unattended and enable PIN and password to unlock them.
Remediation: If you hear of a major online data leak, sit up and take notice: you might need to take active steps to remediate the situation. As with the Equifax Data Leak of 2017, where sensitive data on 143 Million Americans was exposed, remediation may mean locking or freezing your credit on each of the credit bureaus: Equifax, Experian, and TransUnion. With other types of leaks, it may simply mean closing an account or canceling a credit card. As with the credit bureaus, many banks have identity protection services that you can also avail yourself of.
Trend Micro ID Safe
Apart from the best practices outlined above, you should also install Trend Micro ID Safe for Android and iOS on your mobile devices, to monitor and help remediate any known security issues with your identity data.
What is ID Safe? ID Safe checks if any of your personal information stolen from data leaks is circulating on the Dark Web for sale or distribution by cybercriminals. It identifies which accounts were leaked and the kind of data posted, then notifies you, so you can take steps to change your account credentials or remediate any potential effects of the illegal distribution or sale of your personal data.
Top-notch Security. To ensure the highest level of security when handling your personal information, ID Safe first hashes the data you enter on the app (essentially converting the text to an irreversible number) using the SHA-256 hashing standard—the world’s most secure— before sending it through an encrypted connection to check it against a comprehensive Dark Web database.
Easy to Use Tools. You can quickly check if your personal data has reached the Dark Web with just a few taps, using its various tools:
- Email Checker. See if the email address you use for online accounts has appeared on the Dark Web due to a data leak. If it finds your address, the app shows exactly which accounts suffered the leak, so you immediately know which passwords to change.
- Credit Card Checker. Find out if someone has stolen your credit card number and put it on the Dark Web.
- Password Checker. You should not only use unique passwords for all of your accounts but also choose passwords that nobody else has ever used. ID Safe can see if you have used a password currently in circulation on the Dark Web.
- Dark Web Personal Data Monitor. ID Safe can scour the Dark Web for sensitive personal information like your bank account numbers, driver’s license data, social security number, and passport details, then immediately alert you if they ever appear there.
GDPR Compliant. Finally, you should know that Trend Micro takes your privacy seriously and complies with the European Union’s General Data Protection Regulations (GDPR) to protect your data. Read ID Safe’s data collection notice.
For more information and to download ID Safe, go to Trend Micro ID Safe iOS App Store and Google Play.