Connect the Dots and Deter Cyber Criminals

by Sarah Newman, IT Privacy & Security Guru I started my career in the data world. The company I worked for had information — data — on every single adult in the United States (we scrubbed out any data on children), in such a wide scope, that we were able to do things like finding your physical address from your email address. When we first started out, our hit rate (the ability to find accurate data based on the input criteria) on a “reverse email lookup” was pretty low — in the neighborhood of 25%. As the world has become more and more connected, and people have become more and more lax about personal information protection, the hit rate steadily increased to almost 75%. In the data industry, we learned quickly that connecting seemingly random pieces of information, like an email address to a home address, was a simple matter of using the right logic to write a simple algorithm and applying the right algorithm on its course to connect the dots for us. This knowledge gave us a great deal of insight into how individual pieces of data can be connected to form what’s referred to as Personal Identifiable Information or PII — and why cybercriminals are more than happy to pony up cash to get your email address. With their technical expertise and relatively easy access to your data, they get a high return on their investment with very little difficulty. So what exactly is a good return on a cyber criminal’s investment? Well, it depends on the data. Let’s take a look at the seedy underbelly of the Internet to help us understand the value of our information. Where 99% of the connected world lives is called “Surface Web” and it accounts for a startlingly small proportion of the entirety of the Internet. The Internet is very much like an iceberg — most of it below the surface in what is referred to as the “Dark Web”. And much like an iceberg, it’s the part that we can’t see that’ll sink us. The Dark Web is where your information is bought and sold by relatively anonymous people across the globe, accessing these veritable dark data warehouses on various forums that require a top secret level security clearance to get into. In many cases, these forums are more difficult to access than it was to get the data they’re trading in. Once inside your data is sold as part of a set and paid for in Bitcoin. The value of your data is based almost wholly on what it contains. Here’s a quick breakdown (in US dollars) Login Credentials toSites like Netflix – as low as $.55Loyalty or Rewards Sites, and Auction sites: $20 – $1400Online payment sites, like Paypal:If your balance is between $400-$1000: $20-$50If your balance is $5000-$8000: $200-$300Bank login credentials for a $2,200 balance bank account: $190Stolen credit or debit card: $5 – $30 per card number And then there’s the holy grail of data information — “Fullz” — your full information. This ranges in price from $15 to $65 for an average US citizen’s complete record. The effects of this kind of connecting — getting your fullz — may not be realized by you for years. That’s why it is incredibly important for you to choose an easy cost-effective way to ensure that you and your team protect your information. You are the first line of defense in protecting your identity.