I’ve been hearing about the “dark web” for a few years. In the past, it had always seemed like something out of a James Bond or Mission Impossible movie—or a place where Lisbeth Salandar (of The Girl With the Dragon Tattoo books) would hang out. And then recently, it became very real.
In March, a group of about 30 credit union folks gathered at the headquarters of $2.7 billion Apple Federal Credit Union in Fairfax, Virginia, for a discussion of cybersecurity best practices. At the event, Seth Jaffe, general counsel and VP/incident response for CUES strategic partner LEO Cyber Security, Dallas, took us on a tour of the dark web—the black market of the internet. (Jaffe started the tour by saying, “Do not try this at home unless you know what you are doing!”—a very wise disclaimer that I will echo here.)
What wasn’t surprising about the dark web: The items for sale include credit card numbers, tax records and Social Security numbers.
What was surprising about the dark web: Many of these items are available for purchase at extremely low prices! One seller had Social Security numbers for $1 a piece if you bought at least nine. Tax records were going for $7.99 each. ATM malware cost $5,000 and ransomware just $49. There was even a 10 pack of “low security credit union bank records” for a mere $400.
continue reading »