How Does the Data Black Market Work
by Scott Lewis
The data black market is a demand based economy; just like any other economy it must have buyers and sellers. The price for this data is driven by the demand for the information. The demand for this data is so high that the data black market is a multi-billion dollar economy that is only growing and doesn’t show any signs of slowing down.
Who are these people that make up the data black market? Like any other demand based economy, the data black market has to have some basic components to work. First off there has to be a demand, a pool of cybercriminals that want to have the data and are willing to pay for it. Then it takes a whole team of people to create the market; programmers who will develop malware, viruses and other access gaining programs to collect the data; web designers who develop a method for distribution of the malware and or viruses; technical experts, because just like your infrastructure, the data black market must be supported with a high performance infrastructure as a delivery and storage methodology; and hackers, who develop a marketing process through social media, email, advertisements to spread the malware through SPAM. Lastly the distributor, that central point where all the data comes and the buyers meet sellers; these are the people who manage the cyber exchange of data for money.
Let’s take a closer look at how this data black market actually works. Just like any other market it must be profitable, and there must be enough profit in it to make it worth the risk.
Step one: There has to be a demand, that demand creates opportunity for cybercriminals to make a profit so these heads of cybercriminal networks employ programmers to develop malware, spyware or viruses. These programs are specifically designed to collect data or to allow access to systems that people use in their daily lives, such as banking sites, online commerce, business networks and medical records.
Step Two: You have to have a delivery and collection method. Hackers and scammers use spamming, social media, and phishing attacks in order to get unsuspecting web users to execute the program and provide system access. These tend to be very sophisticated programs that are designed to elude antivirus programs and web filters. Based on the human factor and our addiction to social media, web browsing and the huge increase of web based applications, system security must be a high priority.
Step Three: Promotions just like legal businesses who promote their goods and services, so does the data black market. Once your system and data have been compromised, the sellers of stolen data provide warranties, discounts for volume purchases, and demonstrations of goods and promotional discounts with coupons. These promotions are a coordinated effort through underground chat rooms and forums, along with social media outlets.
Step Four: Sales, the sales process on the data black market is very similar to any traditional sales process.
• Buyer makes contact with seller through a chat room, online forum or generic email address.
• The deal is negotiated, a price set, and accepted.
• Payment methodology is set such as PayPal or Western Union
• Determine a support and customer service transaction methodology; in the event the product is not acceptable there is a process of how to recreate a new transaction.
Step Five: Follow the money! Some of these transactions can create huge financial transactions that will require the money to basically be laundered in order to insure that the cybercriminals are not being tracked. They will do this process through legal business entities or through a process of cyber-mules and fake job offers. Basically they get people to accept commissions in order to make deposits and withdraws through legal business accounts or through personal accounts.
The data black market is huge and the demand for data and information is extremely high and is growing. Regardless of the type of data, there is a demand for it. Everything from credit cards, personal information, medical records, and bank account information, it is all online now and someone wants it! The basic rules still apply, don’t open emails that you don’t know the sender, don’t respond to emails asking you to verify your account information or log in information. It is a scam, make sure that websites that are doing financial transactions are secured with that little lock in the URL line. Data theft is an opportunistic crime, it relies on businesses and individuals that let their guards down by not upgrading their systems, not checking and testing their systems and are not accounting for the human factor, that clicking on the cute doggie picture…we just can’t help ourselves. It only takes a second, and it is the simplest mistakes that create that opportunity for you or your business to become a victim.
Scott Lewis is the President and CEO of Winning Technologies Group of Companies. Scott has more than 30 years of experience in the technology industry and is a nationally recognized speaker and author on technology subjects. Scott has worked with large and small business to empower them to use technology to improve work processes, increase productivity, and reduce costs. Scott has designed thousands of systems for large, medium and small companies and Winning Technologies goal is to work with companies on the selection, implementation, management and support of technology resources. Learn more about Winning Technologies at www.winningtech.com or call 877-379-8279.