The darknet is not dark, billions of personal information openly sold at a price! Quite rampant!

2020 Beijing key middle school parents and students data 100,000;
private bank wealth management million, tens of millions of high-net-worth wealthy 100,000
pieces ; airplane passenger personal information 800,000 pieces;
Baoma precise data 160,000 pieces;
online loan data 120,000 pieces ;
……

By logging into Telegram and the dark web by industry insiders, a reporter from the Economic Information Daily saw that hundreds of millions of pieces of accurate personal information of various categories came into view and were being sold publicly. Including personal track information, credit information, property information, accommodation information, communication records, and even facial and living information, it can be easily obtained as long as one click to pay. Traffic is rampant, and the amount of information and transaction volume is shocking.

"Economic Information Daily" reporters in-depth investigation found that the ubiquitous identity binding and excessive claims have increased the risk of personal information leakage through App and other channels. What is more noteworthy is that with the blessing of virtual currencies, uncontrollable dark web forums, Telegram and other social platforms are becoming the main channels for information trafficking.

1. "The dark web is not dark", billions of personal information are clearly marked with prices, and sales are rampant

Recently, the reporter saw on a social group called "Social Worker Robots & Xianyu Guaranteed Transaction Data Checking Data Certification Group" on Telegram. A large number of them include household registration, mobile phone number, location, person checking and file checking, property investigation, and house opening. User information, including records, running water, etc., is publicly sold, which is rampant.

"Because of the large amount of leaked information at present, some hackers have created a large data collection of various data and named it social engineering robots. You only need to enter the corresponding requirements in it, and the system will automatically search for relevant information." An industry insider said.

Not only Telegram, the reporter of "Economic Information Daily" learned that the volume of data transactions on the dark web is even greater. Harbin Institute of Technology (Shenzhen)-Qi’anxin Data Security Research Institute Executive Director Liu Chuanyi told reporters that tens of thousands of leaked data are sold on dark web platforms every year, and the total amount of leaked data is as high as billions of data each year, and the transaction amount exceeds 1 billion yuan. The information leaked out for public sale includes citizen information of government agencies, customer information of financial institutions such as banks and securities, owners of major telecommunications operators, and various industries such as the Internet, express delivery, hotels, real estate, aviation, hospitals, schools, etc. Customer and user information.

And such a large amount of detailed real data, the price is very cheap. "The average search for a piece of information is only a few cents." An industry insider told reporters.

The reporter saw on the dark web that a copy of 930,000 student identity data from a tutoring organization nationwide that had just been out of the library was sold at a package price of $30. The poster stated that the data is the registration data recorded by the website from 2016 to 2018, which includes information such as name, mobile phone number, school, and address. The data package currently shows that there have been 18 transactions.

A FMCG brand's official flagship store sales information data is quoted at $16. The poster stated that the data package has a total of 15,623 sales data of the brand in 2020, including the purchaser, purchase information, price, purchase time, as well as the purchaser's phone number and address.

In addition, the front and back photos of the ID card and the hand-held half-length photos were also sold in packages. From the screenshot of the attachment given by the poster, it can be seen that the relevant photos not only have the front and back sides of the party’s ID card, but also four photos of the party’s single photo and holding the ID card. And there are 1,500 sets of such photos, and the data package is priced at $20.

Different from the low price of personal privacy information, the price of information including gambling members has risen sharply. A post owner stated that a certain sports football app’s mailbox leaked the VPN account password. In addition to the new registration information from April 1, 2020 to August 8, 2020, it also updated the red list referral member data with an increase of 1.9 million Article. It is worth noting that the price of the data package is as high as $2,000, and 2 orders have been sold.

In addition, the first batch of 180,000 chess and card data packages extracted in March includes specific information such as phone number, operator, region, number of visits, crawling address, crawling platform, time, etc. The transaction unit price is US$300.

Zhang Wentao, a security expert in Tencent's Guardian Program, said that the current cyber black production has shown a trend of internationalization, corporatization, intelligence, and anonymity. “Black and gray production gangs have begun to use various domestic and foreign tool platforms such as the dark web and Telegram to implement data theft, circulation, integration and trading. At the same time, according to some typical cases, it can be seen that some black and gray production uses corporatization Illegal acts of engaging in data transactions, and there are illegal personnel who clean and integrate data obtained through multiple channels to automatically provide external services."

2. "Hackers are most favored", and the financial industry has become a "severe disaster zone" for information leakage

According to Liu Chuanyi, more than 60% of personal information leaked on the "dark web" comes from the financial industry, which has become the most popular target for hackers.

A reporter from "Economic Information Daily" obtained a screenshot of a high-quality investor information page with a fund of more than 500,000 in a securities institution. The page shows that there are 25,969 pieces of data with a price tag of US$168, with 9 data dimensions including name, account number, gender, age, hometown, mobile phone number, and floating profit and loss. The poster said: “Information such as name, ID number, and mobile phone number can be verified by yourself. There is not much data, but the truth is true.” The data was released on January 17, 2021, showing that 3 orders have been completed.

Another data package on sale is the information of up to 160,000 customers of a securities company with a price tag of US$368. The poster said that the data is the latest first-hand customer data in 2021, with internal channels flowing out and the dark web first. "A total of 165,000 pieces of data have been removed. The real number rate is more than 95%, and the data is fidelity."

In addition, a number of leaked data such as bank cards and wealth management information of a commercial bank were sold. The post with transaction number 41884 stated that the data package contains 48,566 pieces of customer data of a commercial bank in 2021, containing detailed personal information, bank card number, and bank card types.

The post with transaction number 41847 shows that it has 48,800 pieces of the aforementioned commercial bank wealth management customer data. "This data was brought out by the inner ghost, and it was first published on the dark web at a price of US$168 per copy." The poster said.

The reporter checked the self-verifiable data provided by the poster and saw that the content of the data was detailed, including the name of the wealth management subscriber, ID number, mobile phone number, product name, subscription amount, expected rate of return, deadline, and specific address information of the subscriber . The reporter logged onto the official website of the above-mentioned bank and could see that a number of wealth management products currently on sale were consistent with the leaked information.

In addition to hackers and other technicians stealing batches of information, there are also some "inner ghosts" directly involved. The post with transaction number 40046 shows: "As long as you provide ID and name information, you can check the specific information of all the bank cards under your name without a balance of 1100 USD. As a result, it takes 2200 USD with a balance, 1-5 working days. Results.” It’s worth noting that since the posting was released on August 24, 2020, there have been as many as 360 transactions.

Li Junhui, director of the Social Governance Research Center of the China Judicial Big Data Research Institute, said that from 2016 to 2020, people’s courts at all levels across the country concluded cases involving crimes involving infringement of personal information and the judgment documents have been disclosed. Look, the financial industry accounts for 39.10%, ranking first.

"Finance, intermediary, recruitment and other service industries rely heavily on telephone, text messages and other channels for marketing. In order to improve the pertinence and effectiveness of marketing, the buying and selling of citizens' personal information has become the industry's "hidden rules"." People's Procuratorate of Chaoyang District, Beijing Assistant Prosecutor Chen Yinglu said.

The reporter learned that information leaks in the financial industry did not only occur in China. Overseas, financial industry data is also a "frequent visitor" of the dark web. On April 9, 2020, nearly US$2 million worth of South Korean and American payment card information was sold on the dark web. Group-IB, a cyber security company located in Singapore, detected a database containing details of nearly 400,000 payment card records from banks and financial organizations in South Korea and the United States, and the information was uploaded to the dark web on April 9, 2020 .

3. Information trafficking has become a "hidden rule", and the scale of leaks has grown "exponentially"

Almost all of us have similar experiences as follows: Just after buying a house, a decoration company called; not long after giving birth, there was an early education center to contact; just one year after buying a car, there was an insurance company to sell Auto insurance...salesmen use "private information" to pervasive. How big is the scale of personal information leakage?

Zou Hongzhi, product manager of Yongan Online, a business intelligence security company, told a reporter from Economic Information Daily that since the official start of operation of the Yongan Online Data Leak Monitoring Platform in 2018, more than 70,000 data leakage incidents have been discovered, affecting more than 200 million people.

In fact, data breaches are at a high rate all over the world. Recently, according to foreign media reports, the WizCase security team discovered a serious data breach while scanning the FBS server of the international online foreign exchange trading platform. The data leaked as much as 20TB, including more than 16 billion records. The leaked information includes basic personal information such as name, phone number, email, passport number, personal photo, and driving license. At the same time, user financial data such as deposit amount, currency, transaction ID, transaction date, balance, and equity are also included.

According to the data recently released by ForgeRock "Consumer Identity Information Violation Report", cybercriminals exposed more than 5 billion data records in 2019. Although the number of data breaches in the first quarter of 2020 has dropped by 57%, the number of leaks has only increased, and as many as 1.6 billion records have been leaked, an increase of 9% over the same period in 2019.

"The amount of infringed citizens' personal information has advanced from the'multiple level' to the'exponential level' explosive growth." Xin Shangmin, vice president of the Beijing Third Intermediate People's Court, previously pointed out when introducing the trial of criminal cases involving citizens' personal information. With the development of information technology, the amount of available information is increasing. From the traditional static information such as name, ID number, mobile phone number, and address in the past, credit information, location information, whereabouts information, accommodation information, and housing have been added. Multi-dimensional information such as property rights information. At the same time, the carrier for storing information has changed from traditional U disks, hard disks, etc. to cloud disks with larger storage capacity, which also greatly reduces storage costs and difficulties.