It’s common to hear news reports about major data breaches, but what happens if your personal information is stolen? Our research shows that, like most legal goods, stolen data products flow through a supply chain made up of manufacturers, wholesalers, and consumers. But this supply chain involves the interconnection of multiple criminal organizations operating in illegal underground marketplaces.
The stolen data supply chain starts with producers: hackers who exploit vulnerable systems and steal sensitive information such as credit card numbers, bank account information and social security numbers. Then the stolen data is advertised by wholesalers and distributors who sell the data. Finally, the data is bought by consumers who use it to commit various types of fraud, including fraudulent credit card transactions, identity theft, and phishing attacks.
This trade in stolen data between manufacturers, wholesalers and consumers is made possible by darknet marketplaces, which are websites that resemble regular e-commerce websites but can only be accessed through special browsers or authorization codes.
We found several thousand vendors selling tens of thousands of stolen data products across 30 darknet marketplaces. These suppliers had more than $140 million in revenue over an eight-month period.
Darknet Markets
Like traditional ecommerce sites, darknet marketplaces provide a platform for suppliers to connect with potential buyers to facilitate transactions. However, darknet markets are notorious for selling illegal products. Another important distinction is that accessing darknet markets requires the use of special software, such as the Onion Router or TOR, which provides security and anonymity.
Originating in 2011, Silk Road combined TOR and bitcoin to become the first known darknet marketplace. The market was finally taken in 2013 and its founder, Ross Ulbricht, was sentenced to two life sentences plus 40 years without the possibility of parole. Ulbricht’s hefty prison sentence did not appear to have the intended deterrent effect. Multiple markets sprang up to fill the void, creating a thriving ecosystem that capitalized on stolen personal data.
Stolen data ecosystem
Key stats from individual darknet marketplaces for stolen data | ||||
---|---|---|---|---|
Market | Seller | Mentions | sale | Revenue |
Agartha | 302 | 16,296 | 237,512 | $91,582,216.00 |
amaze | 6 | 43 | – | – |
Apollon | 650 | 9,885 | 238 | $3,703.00 |
ASEAN/ASAP | 59 | 2,921 | 0 | 0 |
Aurora | 71 | 2,913 | 128,561 | $3,003,846.00 |
Babylon | 14 | 55 | – | – |
CanadaHQ | 125 | 2,886 | 4,271 | $241,656.00 |
Cartel | 44 | 487 | 61,604 | $31,280,508.00 |
Corona | 95 | 2,979 | 19,149 | $1,553,850.00 |
Cypher | 56 | 2,472 | 123 | $20,009.00 |
Dark | 248 | 8,679 | 19,783 | $571,512.00 |
Dark0th | 52 | 487 | – | – |
DarkBay/lime | 101 | 10,004 | 72 | $60,076.00 |
Dark fox | 159 | 2,040 | 15,929 | $74,057.00 |
DeepMart | 23 | 218 | 37,095 | $9,156,025.00 |
Deep sea | 141 | 4,437 | 11,905 | $116,962.00 |
Elite | 52 | 691 | 22,079 | $147,245.00 |
Icarus | 88 | 557 | – | – |
Freedom | 19 | 189 | – | – |
Neptune | 160 | 6,507 | 1,140 | $23,696.00 |
Royal | 13 | 54 | 0 | 0 |
Silk Road* | 28 | 38 | 490 | $15,053.00 |
Tor2Door | 52 | 1,908 | 207 | $1,796.00 |
Torrez | 85 | 1,707 | 5,189 | $145,198.00 |
Versus | 99 | 3,959 | 6,532 | $125,363.00 |
ViceCity | 101 | 1,776 | 3,150 | $57,018.00 |
White House | 306 | 11,184 | 56,950 | $2,146,730.00 |
World | 24 | 749 | 223 | $3,280.00 |
Yakuza | 48 | 411 | 5 | $8,200.00 |
yellow brick | 39 | 140 | – | – |
Data source: Christian Jordan Howell |
We recognized the role of darknet markets in the trade of stolen data and conducted the largest systematic survey of stolen data markets known to us to better understand the size and scope of this illicit online ecosystem. To do this, we first identified 30 darknet markets that advertise stolen data products.
We then pulled information about stolen data products from the markets on a weekly basis for eight months, from September 1, 2020 through April 30, 2021. We then used this information to determine the number of vendors selling stolen data products, the number of stolen data products advertised, the number of products sold, and the amount of revenue generated.
In total, there were 2,158 vendors promoting at least one of the 96,672 product listings across the 30 marketplaces. Sellers and product listings were not evenly distributed across markets. Marketplaces averaged 109 unique vendor aliases and 3,222 product listings related to stolen data products. Marketplaces recorded 632,207 sales in these markets, generating total sales of $140,337,999. Again, there is great variation between markets. Marketplaces averaged 26,342 sales and generated $5,847,417 in revenue.
After reviewing the aggregated features of the ecosystem, we analyzed each of the markets individually. In doing so, we found that a handful of markets were responsible for trading most of the stolen data products. The three largest markets – Apollon, WhiteHouse and Agartha – contain 58 percent of all sellers. The number of listings ranged from 38 to 16,296 and the total number of sales ranged from 0 to 237,512. Markets’ total earnings also varied significantly over the 35-week period, ranging from $0 to $91,582,216 for the most successful market, Agartha.
By comparison, most midsize companies operating in the US earn between $10 million and $1 billion annually. Both Agartha and Cartel earned enough revenue within the 35-week period we tracked to be characterized as mid-sized companies, earning $91.6 million and $32.3 million, respectively. Other markets such as Aurora, DeepMart and WhiteHouse were also on track to reach mid-market revenue if given a full year to earn.
Our research describes a thriving underground economy and an illicit supply chain enabled by darknet markets. As long as data is routinely stolen, there are likely to be marketplaces for the stolen information.
These darknet markets are difficult to disrupt directly, but efforts to deter customers of stolen data from using them offer some hope. We believe that advances in artificial intelligence can provide law enforcement, financial institutions and others with the information they need to prevent stolen data from being used to commit fraud. This could stop the flow of stolen data through the supply chain and disrupt the underground economy that benefits from your personal data.
Christian Jordan Howell is an assistant professor of cybercrime, University of South Florida, and David Maimon is a professor of criminal justice and criminology, Georgia State University.
This article is republished from The Conversation under a Creative Commons license. Read the original article.