On the dark street of the darknet

The transition of many areas of life online is no longer a curiosity. The Internet has replaced going to the cinema or an art museum. Sitting on the couch, you can chat with friends around the world, buy the right device or wardrobe item, find a job, solve medical and legal problems, get an education, travel around countries and continents … However, with various benefits, crime has also moved to the Network – underground markets with illegal transactions for millions of dollars are also mastering the virtual space. Cases of server hacking and information leaks have become more frequent. And the carelessness of users and the illusion of anonymity have led to the fact that fraudsters steal and sell personal data. All this is the harsh realities of the darknet, the wrong side of the World Wide Web familiar to everyone.

Shady deals worth millions

The entire virtual world can be divided into 3 segments:

• public network – sites with free entry;
• deepweb (from the English. deep – “deep”) – password-protected sites and closed groups, which, nevertheless, can be accessed using standard search tools and browsers;
• dark web or darknet (from the English dark – “dark”) – a hidden part of the network, where you cannot enter without special tools. The fact that a person has never been in these “dark rooms” does not mean that there is no information about him.

It is the last segment that is used by criminals to post prohibited content, sell taboo goods or services. There, hackers on thematic forums discuss options hacking and overcoming the protection of corporate networks. And in the same place transactions of purchase and sale of various confidential bases are made.

According to a Gemini Advisory report, 115 million debit and credit card information was sold via the dark web in 2020; 87 million of them are issued by US banks. One of the largest darknet marketplaces, Joker’s Stash, conducted shadow transactions worth more than $1 billion by the time it closed in February this year. Through another similar platform, BrainsClub, almost 8 million debit card data were sold in the first half of 2019 alone (for comparison , for the whole of 2015 there were 1.7 million such transactions).

Everything ingenious is simple?

There are several ways to get the desired data without the knowledge of the owner. The most popular of them:

• Illegal modification or hacking of the ATM. A special device is installed on the device.
• Creation of phishing resources or criminal access to original sites.

In both the first and second cases, service information is read during its use by the owner, after which it is sorted and laid out for sale on the darknet. On average, each US citizen card brings hackers $13–17. When the account goes to hundreds of thousands and millions of pieces, the business for scammers becomes very profitable.

At the same time, it is very simple to use the data of a stolen card. Attackers enter payment information when making payments in online stores and purchase goods worth thousands of dollars. Often they manage to make several purchases before the theft is detected and the service is blocked.

Interestingly, some of the “dark alley” sellers issue a guarantee for the use of the goods for a certain time. And they even offer to make a few small purchases for testing – to make sure that the cards are working.

How to protect yourself from card data theft?

The easiest option is not to use this payment instrument at all, which in the modern world, due to the convenience of the service, not everyone decides to do. To reduce the likelihood of theft, you can do the following:

• Set up SMS banking or e-mail notification when a transaction is made. Connect the request function to a mobile phone when debiting large amounts.
• Use a credit card with a low limit instead of a debit card linked to a bank account.
• Use the option of online payment via Google Pay or Apple Pay. These services do not transfer card data when making a transaction, but create a one-time token.
• Conduct a visual external inspection of an ATM or terminal (especially outdoor ones) for the presence of unauthorized devices.
• Use strong, not easy-to-remember passwords.

The last tip is often overlooked by users. For example, the top ten most common passwords from the hacked database of 2020 (which contained the credentials of 275 million users!) looks like this: 123456; 123456789; picture1; password; 12345678; 111111; 123123; 12345; 1234567890; the word “password” in languages ​​other than English.

Nothing much has changed compared to last year. Most likely, some passwords were simply swapped in the popularity rating. In addition to correcting such a frivolous attitude towards protecting your digital wallet, you should also heed the following tips:

• Do not use the same passwords on different resources and change them at least once every few months.
• Enable two-factor authentication when this option is available.
• Do not click on links from untrusted sources and do not open attachments from suspicious emails.
• Immediately block the card as soon as you notice the write-off of funds for purchases that you did not make.

Of course, following these rules does not give a 100% guarantee that attackers will not learn information in another way, but it can significantly reduce the likelihood of such an event. After all, it is unlikely that anyone will specifically hunt for the contents of the electronic wallet of an ordinary citizen (unless he reliably finds out about the millions hidden in it). In 95% of cases, the fraudulent scheme works solely due to the inattention of the victim, although the situation is aggravated by “drains” of customer databases of various organizations. But here little depends on us.

Thus, the darknet has settled down on the web. And, despite all the efforts of law enforcement agencies, it is unlikely to leave it in the foreseeable future. Therefore, ordinary citizens should not lose vigilance – so that its impact on finances does not become fatal.