The hard truth is that identity data is the new gold—and criminal panhandlers are mining it for sale and distribution on the Dark Web.
Indeed, the internet provides ways for big data breaches to result in disastrous leaks of huge databases of personal information, resulting in detailed profiles of individuals—based on their internet behaviors, including social media activities, online shopping, financial transactions and more—being sold for nefarious purposes.
It’s all about identity theft. What does it mean for digital citizens like us? And what can we do about it?
The Mining of Identity Data
In 2019, data of all kinds is being criminally mined on the internet, but the theft and sale of identity data in particular is rising dramatically. How is this possible? In today’s highly-connected society, we’re constantly being asked to provide personal information to retailers, surveys, medical professionals, and other data collection efforts. We constantly disclose our name, address, social security number, health status, purchasing history, credit card numbers, and more. Anytime there’s a breach in an online database holding such data, by accident or malicious hacker intent, cybercriminals pounce on it to mine it for the identity gold.
“Identity theft and identity fraud…refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data…,” says the US Department of Justice, Criminal Division, in its Fraud Section report, reminding us what it’s all about. Data breaches are the goldmine for this kind of theft.
One of the more recent breaches collected, packaged and sold about 26 Million new accounts on the Dark Web by hacking several websites, including online shopping, career and learning platforms. A longer list of breaches—see The 18 Biggest Data Breaches of the 21st Century, as well as Wikipedia’s List of Data Breaches—reveals how chronic it’s become. Because our personal data is often stored on internet sites, many of which are crucial to our way of life, we forget that simply registering and providing personal details can lead to more precise and accurate description of our location, our healthcare information, and even information indicated on our government issued IDs. And its sale on the Dark Web is a very bad outcome.
The Dark Web (or Darknet) refers to that part of the internet that hides your identity and location when you’re on it. Dark Web websites are accessible only through Tor (the “Onion Routing” browser) and through I2P (the Invisible Internet Project”). Historically, one of the reasons for the creation of the Dark Web was to provide US Navy intelligence officers a means to maneuver on the internet without being recognized or traced. The Tor network achieves anonymity by bouncing the request through a large number of intermediate servers and employing a layered encryption system on the identification of the source IP where the search originated, so that no one knows where the request for a webpage or site ultimately comes from. I2P specializes in allowing the anonymous hosting of websites, so the target IP address is unknown to the searcher.
In short, browsing the Dark Web allows you to anonymously access “anonymized” websites, not all of which are bad, but also many sites that are, collectively known as Darknet markets. The former category includes SecureDrop, which lets news organizations receive anonymous submissions. The latter category included Silkroad 1.0, which was launched in February of 2011; and 2.0, which was finally shut down in November of 2014 by the FBI. The Dark Web or Darknet is still a channel for all kinds of illegal activities, including a place for radical extremists to spread propaganda—and remains a region on the internet for the sale of illegally gotten identity data.
Protecting Your Identity
Although data protection laws state that any personal data set that’s stored online has to be stripped of identifiers such as name and social security, true compliance is difficult to maintain or enforce—so each one of us has the ultimate responsibility to protect our data to stay safe online. Here are some practical steps you can take to help protect your identity:
Accounts and Usernames: Think carefully when choosing your username for your online accounts and email addresses. Choose something that does not closely identify with your full name or other personal information.
Passwords: If you use several internet services, social media accounts, and email addresses, you’ll need a lot of passwords. Tempting as it is, avoid using the same password for all your accounts. Use a unique password for each account, one that you can remember, but that’s not easy to guess. We highly recommend using Trend Micro Password Manager to generate strong passwords, to keep them safe, and to change them frequently. Banking apps and other payment system apps also utilize two-factor authentication, which you should take advantage of for more secure transactions and purchases.
Privacy: Keep your personal information private online and enable strong privacy controls on your social media accounts.
Protect your devices: Don’t leave your mobile devices and laptops unattended and enable PIN and password to unlock them.
Remediation: If you hear of a major online data breach, sit up and take notice: you might need to take active steps to remediate the situation. As with the Equifax Data Breach of 2017, where sensitive data on 143 Million Americans was exposed, remediation may mean locking or freezing your credit on each of the credit bureaus: Equifax, Experian, and TransUnion. With other types of breaches, it may simply mean closing an account or canceling a credit card. As with the credit bureaus, many banks have identity protection services which you can also avail yourself of.
Trend Micro ID Safe
Apart from the best practices outlined above, you should also install Trend Micro ID Safe for Android and iOS on your mobile devices, to monitor and help remediate any known security issues with your identity data.
What is ID Safe? ID Safe checks if any of your personal information stolen from data breaches is circulating on the Dark Web for sale or distribution by cybercriminals. It identifies which accounts were breached and the kind of data posted, then notifies you, so you can take steps to change your account credentials or remediate any potential effects of the illegal distribution or sale of your personal data.
Top-notch Security. To ensure the highest level of security when handling your personal information, ID Safe first hashes the data you enter on the app (essentially converting the text to an irreversible number) using the SHA-256 hashing standard—the world’s most secure— before sending it through an encrypted connection to check it against a comprehensive Dark Web database.
Easy to Use Tools. You can quickly check if your personal data has reached the Dark Web with just a few taps, using its various tools:
GDPR Compliant. Finally, you should know that Trend Micro takes your privacy seriously and complies with the European Union’s General Data Protection Regulations (GDPR) to protect your data. Read ID Safe’s data collection notice here: