Protect Your Privacy: What Happens to Your Data?

March 26, 2011

When criminals obtain your e-mail address, credit card, or Social Security Number, your information enters an underground economy where it’s sold, bought, and (maybe) eventually used in a crime.

As detailed throughout this series, your data can be harvested by a variety of means–malware, phishing, sniffing, and other attacks. The most common method today uses e-mail, Web, and social networking phishing to trick users into installing malware on vulnerable computers; that malware then links infected mashines together into a botnet. Those systems are scoured for any potentially valuable information, then used to attack others under the control of the botmaster. (Fortunately, such attacks are almost entirely targeted against Windows machines; attacks on Macs have been few and far between.)

However it has been obtained, stolen information is then aggregated and sold in online criminal marketplaces–called “carders”–which function much like eBay. For example, the ShadowCrew site that was busted in 2004 by the Secret Service had an estimated 4000 members and up to 8000 credit cards. Another, carders.cc, was itself hacked last spring, but is still in operation.

    Different kinds of data have different values: a credit card number may be worth as little as a few cents; that same number with your name, address, and Social Security number could be worth $30. Such data can be used to perpetrate a full-on identity theft, which can enable the miscreants to take out a mortgage in your name. That can happen years after the theft, since–unlike credit card numbers–SSNs don’t expire until you do.

    Read More

    %d bloggers like this: