Print Save PDF

About 7 minutes

Sex, drugs, and rock and roll.

No, I’m not describing the lifestyle of every rock artist known to man. The famous rock tagline applies to what you can expect when you venture into the dark web (minus the rock and roll part).

The dark web has a lot more to offer, too. Weapons. The remaining carcasses of personal data. Even death.


It’s a place for the worst of the worst. Not for the faint of heart. In fact, if you have a heart, it might be on sale. You can purchase anything on the dark web – money and bitcoins are the only currency that matters, regardless of what or who you’re buying.  

Speaking of data carcasses being on sale, the bones get picked dry pretty quickly in this dark terrain.

The more valuable the information, the higher the bids go. We’re talking about security plans. Counterfeit documents. Wiki Leaks.

The way this data gets picked apart by a salivating horde of investors, you’d think the carcasses were the remains of an antelope that attracted a crowd of hyenas and vultures. Except these scavengers are using the leftover flesh to build a new life for themselves while tearing down the very existence of someone else.

Patient Records Start Bidding Wars on the Dark Web

Even patient records are fair game – in fact, they are the becoming one of the biggest games in town.

Patient information is more of a commodity than credit card data.

As Brand Barney, a healthcare security consultant described, "If you go out on the 'deep web' [where people sell stolen goods], a credit card valued at $1 to $2. But your PHI can sell from $20-$200 on the deep web.”

PHI, by the way, stands for patient health information. The reason why it comes with a higher price tag?

This information doesn’t change.

Social Security numbers and birth dates are the essence of someone’s identity. Business Insider reported that “ready-to-use counterfeit Social Security cards can sell for $250 to $450.” Meanwhile, credit card numbers can change as quickly as a runway model performing in a fashion show. 


Health Information Is an Easier Form of Prey  

Between physical and digital carelessness, security isn’t accounted for by healthcare organizations. Hackers don’t even need an elaborate plan of attack to get access. Administrators are making it easy.

On the digital front, firewalls aren’t always updated every six months (which is a common best practice), and physical paper records have been exposed for anyone to handle.

After visiting a healthcare organization onsite, Barney described this very scene: “I found a maintenance closet; it had no key, no video, no lock. As we walked into the closet … we found a little over 6 million individual [paper] records in that room.”

A few of the biggest healthcare data breaches we’ve seen over the course of a year have been physical thefts by key hospital personnel or individuals with third-party access.

In the case of Montefiore Medical Center in New York, it was an inside job. A hospital employee helped steal 12,000 healthcare records.

Other Data Cyber Thieves Target

Well, there is still the good ole’ standby of bank account and credit information hacks.

Bank account information goes for $1,000 and up, which is a hefty price for an individual sale. Imagine the amount of money multiple bank accounts could fetch?

According to The Christian Science Monitor (CSM), credit cards and debit cards go for between $20 and $100, and more than $1 million of these stolen cards were sold on Rescator (a black market outpost).

CSM’s description for how information can be bought on black markets sounds more like a Super Walmart e-commerce portal than some back alley with men in trench coats.

“Here, stolen credit cards are a commodity. Everyone sells them. They are available on carding forums, bulletin boards, and via storefronts where you can conduct business like you would at any Web store. Often all it takes to get started is a simple Web search.”

Sadly, here’s the kicker in all of this: For newbies who don’t know how to purchase credit cards without getting caught or how to use these cards, there are tutorial style sites that can guide them in the right direction.

Dark Web Arrests

dark-web-arrests-data.jpgLight is cracking through the pitch-black depths of space. Action is being taken against cybercriminals. Federal investigators shut down three of the most prominent dark web markets – Silk Road, Evolution, and Agora – in 2015.

In addition, the FBI hacked a Tor browser (an anonymous network portal that enables browsers to conceal their location) to catch thousands of pedophiles on a child pornography website called “Playpen.”   

According to HackRead, the FBI used a network investigative technique (NIT) to unlock 1300 IP addresses and to unearth the identities of users. Through a single warrant, they were able to identify the operating system, computer host name, MAC address, and other personal computing information.

But technical techniques and even the most advanced network technology are only part of the counter attack that need to be in place against hackers and the dark web.

In an interview with the New York Times, Scott Borg mentioned the importance of psychology and strategy. Understanding the makeup of the type of criminals who are threats and also understanding their motivations is crucial.

“People are still dealing with this problem in a technical way, not a strategy way. People are not thinking about who would attack us, what their motives would be, what they would try to do. The focus on technology is allowing these people to be blindsided.”

What are you doing to keep your data secure?



Written by IBM BP Network