BENGALURU: Somewhere, in the dark corner of the World Wide Web, your profile may be up for sale. And not just hackers and crooks, even companies and market researchers may be buying this data. The cost of a set of such data? As little as Rs 140 a day.
The dark web, as it is called, is not accessible through regular browsers. Only tools like Tor, an open source software that allows anonymous communication, allow access to the dark web. And in this hidden part of the web, hackers are putting together internet user details that include passwords, telephone numbers and email IDs.
Among those looking for such data are outfits planning cyberattacks, those keen to track consumer behaviour and those who simply want to get free access to video streaming sites that you have paid for, say experts.
More interestingly and worringly, such data sets are being bought by companies looking for information on competitors’ consumer base, and even for potentially tracking key executives of rival firms who may have sensitive and crucial data.
While one group of hackers leaks the data with encrypted passwords, a second group decrypts them. “What is happening now is that a third group makes a list of these decrypted passwords and stores them in a central server that provides data sets from these breaches, making it a common source for hackers,” says Rajshekhar Rajaharia, an independent cybersecurity researcher.
Using Single Password Makes You Vulnerable
You are particularly vulnerable if you use a single password for multiple online accounts, or have passwords that are only slightly different. Hackers are estimated to have collected more than 7,000-8,000 databases from smaller websites alone, apart from data hoovered up from major sites.
User data is sold through various packages, from as little as $2 (Rs 140) a day and up to $70 (Rs 4,900) for around three months, assuming a rupeedollar exchange rate of 70. Customers pay using cryptocurrencies such as Bitcoin, Litecoin, Dash, Ripple, Ethereum and Zcash.
If a hacker gets multiple passwords from a user, a profile can be put together in minutes. Many users have one password for multiple accounts or reuse it often, making their behaviour predictable, say experts. Tracking user data depends on the person’s activity level on the internet.
“If a user has multiple accounts across websites, cracking his or her personal information online is much easier than one who spends less time on the web,” says Rajaharia.
Cybersecurity expert Gautam Kumawat says, a “regular user’s password is usually available for as little as one rupee, but there are lists of highprofile public figures like politicians or Bollywood stars whose data is sold for Rs 500-2,000”. Stringent laws against data breaches can put a stop to this, say experts.
“A user should ensure strong passwords, avoid opening phishing and spam mails. Also, when companies suffer data hacks and breaches, they should be made accountable,” says Sanjay Katkar, chief technology officer at Quick Heal. “Even after multiple instances of data breaches, companies have not faced any repercussions.”