The past few weeks have seen a flurry of hacker activity. From the leak of celebrity nudes to the 200,000 Snapchat photos stolen and posted on 4chan, to the most recent infiltration of Dropbox, it’s clear hackers have moved on from the days of stealing our credit card details. But what do hackers actually do with our data once they have stolen it?
The short answer is they sell it on the cybercriminals’ black market. According to a report released earlier this year by the RAND Corporation’s National Security and Research Division, the hacker market is highly sophisticated and organized. The hacker market has, in some respects, become more profitable than the illegal drug trade, that report found. The data hackers steal ends up on a network of illegal trading sites where they buy and sell large amounts of personal data for profit.
Gone are the days when credit card fraud and identity theft were all we had to worry about. Hackers have discovered new ways to make money with your photos and social media account information. To hackers, LinkedIn and eHarmony offer a goldmine of passwords that can be used to update their “rainbow tables.” These tables are basically huge databases that serve as a digital key for hacking harder-to-crack encrypted passwords, as Slate’s Will Oremus has explained. According to the RAND report, Twitter accounts are now more profitable than stolen credit cards.
Not even our medical records are safe. Don Jackson, director of threat intelligence at PhishLabs, monitored underground hacking exchanges and discovered cybercriminals make around 10 times more money hacking someone’s medical information than from stealing their credit card details, according to Reuters. By stealing names, birth dates, and policy numbers, hackers can create fake IDs to buy medical equipment which they can later resell. They can also use the data to file made-up insurance claims.
RAND’s report on cybercrime describes the cyber black market as a “Hackers’ Bazaar” that is becoming increasingly diverse in the products it offers. Some underground organizations can reach up to 80,000 people and bring in hundreds of millions of dollars by turning stolen account information into usable money.
The market is surprisingly competitive and undoubtedly lucrative. RAND predicts that the exploitation of social networks and mobile devices will only continue to grow as YouTube “how-to’s” and Google guides make it easier for people to get involved in stealing, buying, and selling information.