Thomas Holt, an associate professor of criminal justice at Michigan State University, recently conducted a study with some colleagues examining the strategies used by individuals operating in the real world for stolen goods in virtual illicit markets that are hidden from the public — specifically, the dark web. This clandestine marketplace is a heavily encrypted underground world within the internet, and it is difficult for authorities to detect the location or owners of the data markets within the dark web.
Funded by the National Institute of Justice, Office of Justice Programs and U.S. Department of Justice, Holt and his colleagues analyzed posts from 10 Russian- and three English-language web forums selling stolen data to engage in identity theft and fraud.
The study found that most of the sellers on the dark web advertise their data and services in forums much like an Amazon or eBay, where buyers and sellers rate each other and the quality of their products being sold — in this case, personal information. While it sounds lawless, there's an honor amongst data thieves. Buyers of stolen data pay first and trust it will be delivered.
Holt claims it is hard to put an exact figure on what hackers are getting for stolen data, for several reasons: Cash transactions tend to be on the rare side in these sorts of transactions, bulk discounts take place for big data scores, and precise negotiations take place via email or private online chat. Yet it appears bitcoin and other web-based currencies are the norm, because the sources are much harder to trace.
What Holt and his colleagues found was that of the 320 transactions they studied, data sellers earned between $1 million and $2 million. Similarly, buyers in 141 of these transactions earned between $1.7 million and $3.4 million through the use of the information they purchased.