Biometric selfies and forged passports: identities for sale on the dark web
With the rapid growth of personal information for sale on the dark web, Privacy Affairs has published its 2021 Dark Web Price Index, detailing average prices for a range of products, including the kinds of selfies holding an ID that can be used in biometric spoof attacks, across marketplaces, forums, and websites.
A forged Maltese passport was found to be the most expensive product found with an average price of US$6,500, while a forged U.S. valid social security number was one of the lowest coming in at $2.00. Rising prices across products is most likely due to the increasing risks of attaining the information, the increasing benefit for buyers to use the information, the increased quality/accuracy of the card data, says Privacy Affairs.
A “USA selfie with holding ID,” such as would be used for selfie biometrics in identity verification, is listed for $100.
2020 saw a massive increase in cyberattacks, according to PA, not only in quantity, but the variety of items to purchase has grown as well, such as hacked crypto accounts, web services like Uber accounts and face images.
“It’s no longer enough to just have a person’s ID, you need to confirm identity with a selfie. And since all business had to be conducted online during the pandemic, people inevitably had to provide a selfie to verify their identity. For some reason, people are not as careful as they should be with their data online, so malicious actors just take advantage of how easy it is to collect information,” says Cybersecurity Researcher Luana Pascu in an email to Biometric Update.
A cloned Mastercard with PIN costs around $10 more this year ($25) than last year ($15); vendors of stolen credit card data tend to offer a guarantee of 80 percent, which means that two out of every ten cards aren’t accurate. Though card numbers on the dark web are a result of data compromises at merchant locations and not at card issuers themselves, USA hacked credit card details are valued the lowest (due to high supply), and Israel the highest according to the index. Credit cards are sold in the format of: [CC|MM|YY|CVV|HOLDER_NAME|ZIP|CITY|ADDRESS|EMAIL|PHONE], the first 4 sections are card details and the following 5 sections show the cardholder information.
“Financial crimes have increased during the pandemic. When the pandemic started, there was a spike in sales related to COVID masks and other equipment that was hard to find at the time. Some marketplaces even went from public to private, but overall sales did not necessarily go down,” says Pascu, “the social engineering tactics used to lure victims into revealing personal information seem to be effective during tax season or when COVID-19-related information is involved. However, there have been fraud prevention methods implemented, making it harder to abuse the (Canadian government) benefit program.”
Dark web buyers have abandoned Bitcoin (BTC) due to a lack of security, according to the report, and vendors are demanding buyers to use Monero as payment and communicate only through PGP encryption (Pretty Good Privacy) in order to mitigate detection and tracking by law enforcement. Furthermore, hackers are meanwhile resorting to social engineering techniques to gain login credentials, which is very labor intensive for a relatively low success ratio due to a recent increase in security measures (e.g., MFA, account locks) implemented by social media platforms. Hacked crypto accounts seem to be one of the most valuable items for purchase, with a verified Coinbase account selling for around $610.
Health passes and deepfakes
PayPal account details are widely available online, and the list of illegal good on offer also includes distributed denial of service (DDoS) attack services, digital health passes and deepfakes.
“Malicious actors are also talking about ways to obtain COVID passports or vaccination certificates,” Pascu observes, “but this activity is currently flagged as illegal on most marketplaces ‘for ethical purposes,’ as stated on a group we monitor.”
Deepfakes are also gaining momentum and popularity on the dark web, with criminal deepfake activity developing into an economic niche. Deepfake services were found offered on a Hack Forum for $20 per minute of fraudulent video last June. “In addition to posts about deepfakes impersonating celebrities in adult videos, there are forums listing different schemes and tools to create your own for use in identity verification, and there is some interest in methods to make money with deepfakes,” comments Pascu.
Sale of counterfeit money was also prevalent, with USD, EUR, GBP, CAD, AUD being the most common.
Malicious actors are changing the way in which the market operates, warns Pascu; “up until recently, ransomware groups were looking for specific profiles to add to their affiliate programs such as fluent Russian speakers with solid experience in specific types of attack methods. As they are regrouping, we are looking at a more organized and trained opponent.”
Privacy Affairs also provides a set of recommendations for individuals to best protect themselves and their information from fraudulent online activity.