It’s common to hear news stories about big data breaches, but what happens once your personal data is stolen? Our research shows that, like most legal goods, stolen data products move through a supply chain made up of producers, wholesalers and consumers. But this supply chain involves the interconnection of several criminal organizations operating in illicit underground markets.
The supply chain for stolen data begins with the producers – hackers who exploit vulnerable systems and steal sensitive information such as credit card numbers, bank account information, and social security numbers. Then the stolen data is advertised by wholesalers and distributors who sell the data. Finally, data is purchased by consumers who use it to engage in various forms of fraud, including fraudulent credit card transactions, identity theft and phishing attacks.
This traffic of stolen data between producers, wholesalers and consumers is made possible by darknet marketplaces, which are websites that look like regular e-commerce websites, but can only be accessed using special browsers or authorization codes.
We have found several thousand vendors selling tens of thousands of stolen data products in 30 darknet markets. These vendors made over $140 million in revenue over an eight-month period.
Much like traditional e-commerce sites, darknet marketplaces provide a platform for sellers to connect with potential buyers to facilitate transactions. Darknet markets, however, are notorious for selling illicit products. Another key distinction is that accessing darknet markets requires the use of special software such as the onion router, or TOR, which provides security and anonymity.
Silk Road, which emerged in 2011, combined TOR and bitcoin to become the first known darknet market. The market was finally seized in 2013, and the founder, Ross Ulbricht, was sentenced to two life sentences plus 40 years without the possibility of parole. Ulbricht’s heavy prison sentence does not seem to have had the desired deterrent effect. Multiple markets have emerged to fill the void and in doing so have created a thriving ecosystem profiting from stolen personal data.
Stolen Data Ecosystem
Recognizing the role of darknet markets in stolen data trafficking, we conducted the largest systematic review of stolen data markets we know of to better understand the size and scope of this illicit online ecosystem. To do this, we first identified 30 darknet marketplaces advertising stolen data products.
Next, we extracted information about stolen data products from marketplaces on a weekly basis for eight months, from September 1, 2020 to April 30, 2021. We then used this information to determine the number of vendors selling stolen data products, the number of stolen data products advertised, the number of products sold and the amount of revenue generated.
A total of 2,158 vendors advertised at least one of 96,672 product listings across the 30 markets. Vendors and product listings were not evenly distributed across marketplaces. On average, marketplaces had 109 unique vendor aliases and 3,222 product listings related to stolen data products. A total of 632,207 sales were recorded across these marketplaces, which generated $140,337,999 in total revenue. Again, there are strong variations between markets. On average, marketplaces made 26,342 sales and generated $5,847,417 in revenue.
After evaluating the overall characteristics of the ecosystem, we analyzed each of the markets individually. In doing so, we discovered that a handful of markets were responsible for the traffic in most stolen data products. The three largest markets – Apollon, WhiteHouse and Agartha – contained 58% of all vendors. The number of listings ranged from 38 to 16,296, and the total number of sales ranged from 0 to 237,512. $582,216 for the most successful market, Agartha.
For comparison, most midsize companies operating in the United States earn between $10 million and $1 billion a year. Agartha and Cartel generated enough revenue in the 35-week period we tracked to qualify as mid-sized companies, earning $91.6 million and $32.3 million, respectively. Other marketplaces like Aurora, DeepMart, and WhiteHouse were also on track to reach mid-size company revenue if given a full year to earn.
Our research details a thriving underground economy and illicit supply chain enabled by darknet markets. As long as data is regularly stolen, there will likely be marketplaces for stolen information.
These darknet markets are difficult to disrupt directly, but efforts to prevent customers of stolen data from using them offer some hope. We believe that advances in artificial intelligence can provide law enforcement, financial institutions and others with the information needed to prevent stolen data from being used to commit fraud. This could stop the flow of stolen data through the supply chain and disrupt the underground economy that profits from your personal data.