Researchers at the Dutch Technische Universiteit Eindhoven have found evidence of a huge and highly developed online black market that trades in "fingerprints": hundreds of thousands of detailed user profiles.

The Russian-based marketplace offers more than 260,000 highly detailed user profiles, along with other user data, such as email addresses and passwords.


Security on the Internet is a never-ending game of cat and mouse. Security professionals are constantly devising new ways to protect our valuable data, and in turn, cybercriminals devise new and cunning ways to undermine these defenses.

These personal "fingerprints" allow criminals to circumvent the latest authentication systems, giving them access to valuable information about users, such as credit card details.

The online economy relies on usernames and passwords to make sure that the person who buys things or transfers money online is really who they claim to be.

However, this limited authentication method has proven to be far from secure, as people tend to reuse their passwords over and over again across many services, platforms and websites.

This has resulted in a massive and highly lucrative illegal trade in authentication data, and according to recent estimates, some 1.9 billion stolen identities were sold through the underground markets within a year.

Multi-factor authentication

It is not surprising, then, that banks and other digital services have created more sophisticated authentication systems, relying not only on something that users know (their password) but also on something they have (for example, a token).

This process, known as "multi-factor authentication", severely limits the possibility of committing cybercrime, but it has disadvantages as well. Since it adds an additional step, many users do not bother registering for it, which means that only a minority of people use it.

To alleviate this problem, an alternative authentication system has recently become popular with services like Amazon, Facebook, Google and PayPal.

Known as "risk-based authentication", this system looks at user "fingerprints" to verify someone's credentials.

This can include basic technical information, such as the type of browser or operating system, but also behavioral features, such as mouse movement, location, and keystroke speed.

If the fingerprint corresponds to what is expected of the user, based on previous behavior, they are allowed to log in immediately using only their username and password. If it does not, additional authentication through a token is required.

As expected, cybercriminals quickly came up with ways to circumvent "risk-based authentication" and developed phishing kits that also include fingerprints. However, they found it difficult to turn this into an effective and profitable business.
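The decision described above, as an added example that is not from the study or from any real service. The signal names, weights, threshold and sample profiles are all assumptions chosen for illustration:

```python
# Added example: a minimal risk-based authentication (RBA) decision.
# Signals, weights and threshold are assumptions, not a real service's policy.
from dataclasses import dataclass

@dataclass(frozen=True)
class Fingerprint:
    browser: str
    os: str
    country: str
    keystroke_ms: float  # mean delay between keystrokes

WEIGHTS = {"browser": 0.25, "os": 0.25, "country": 0.30, "keystroke": 0.20}
STEP_UP_THRESHOLD = 0.40    # at or above this, ask for the token
KEYSTROKE_TOLERANCE = 0.30  # accept up to 30% drift from the stored mean

def risk_score(expected: Fingerprint, seen: Fingerprint) -> float:
    """Sum the weights of every signal that deviates from the stored profile."""
    score = 0.0
    for field in ("browser", "os", "country"):
        if getattr(expected, field) != getattr(seen, field):
            score += WEIGHTS[field]
    drift = abs(seen.keystroke_ms - expected.keystroke_ms) / expected.keystroke_ms
    if drift > KEYSTROKE_TOLERANCE:
        score += WEIGHTS["keystroke"]
    return round(score, 2)

def decide(expected: Fingerprint, seen: Fingerprint, password_ok: bool) -> str:
    """Return 'deny', 'allow' (password only) or 'step_up' (token required)."""
    if not password_ok:
        return "deny"
    if risk_score(expected, seen) >= STEP_UP_THRESHOLD:
        return "step_up"
    return "allow"

# Constructed sample data.
PROFILE = Fingerprint("Firefox 78", "Windows 10", "NL", 180.0)
SAME_DEVICE = Fingerprint("Firefox 78", "Windows 10", "NL", 195.0)
NEW_DEVICE = Fingerprint("Chrome 84", "Linux", "NL", 120.0)
# A login presenting an exact copy of the stored fingerprint.
REPLAYED = Fingerprint("Firefox 78", "Windows 10", "NL", 180.0)

if __name__ == "__main__":
    for name, fp in [("same", SAME_DEVICE), ("new", NEW_DEVICE), ("replayed", REPLAYED)]:
        print(name, risk_score(PROFILE, fp), decide(PROFILE, fp, password_ok=True))
```

The replayed case scores zero and is never asked for the token, which is why a fingerprint that is kept up to date holds its value: the check has no way to tell a copied profile from the user's own device.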

One reason is that these user profiles vary with time and across services, and must be collected through additional phishing attacks, but researchers have found evidence that this large and highly sophisticated marketplace overcomes these limitations.


The largest criminal market

Luca Allodi, a researcher in the Cybersecurity Group in the Department of Mathematics and Computer Science, tells the "News Overview" page of the university's website that "what distinguishes this website is not only its scope, but also the fact that all personal files are constantly updated, which means that it maintains its value."

"In addition, customers can search the database, so that they accurately select the Internet user they want to target, which enables very dangerous phishing attacks, and they can also download a program that automatically downloads user profiles for the target website customers," he says.

To emphasize the systematic nature of the website, Allodi and his colleague Michele Campobasso, a PhD student and co-author of the research, coined the term "impersonation as a service," echoing well-known cloud computing service terms such as "software as a service" and "infrastructure as a service."

"As far as we know, this is the largest and most sophisticated criminal market for systematically providing these services," Campobasso tells the university's website.

Investigating the market was not easy: to gain access to the available user profiles, the researchers had to obtain a private invitation from existing users.

Data gathering was also difficult, as the platform operators actively monitor "rogue" accounts. The researchers decided to keep the site's real name confidential to reduce the risk of retaliation by the market operators.

In their study, the researchers cite some examples of how criminals "armed" these user profiles, which they found on a secret channel used by the platform's clients on the Telegram application.

In one of the reported attacks, an attacker describes creating filters for the victim's email inbox to hide "Amazon" notifications related to purchases, concealing the attacker's use of the victim's Amazon account.
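A mailbox-rule audit that looks for the kind of filter described above, as an added example that is not from the study. The rule export format, field names, watched-sender list and sample rules are assumptions constructed for illustration:

```python
# Added example: flag inbox rules that silently hide purchase notifications.
# The export format below is hypothetical; adapt field names to your mail system.

WATCHED_SENDERS = ("amazon",)  # assumption: senders whose notices should stay visible
HIDING_FOLDERS = {"trash", "junk", "deleted items", "archive"}

def hides_mail(actions):
    """True if any action removes the message from the user's view."""
    for action in actions:
        verb, _, target = action.partition(":")
        if verb == "delete":
            return True
        if verb == "move" and target.strip().lower() in HIDING_FOLDERS:
            return True
    return False

def targets_watched(rule):
    """True if the rule's sender or subject condition names a watched sender."""
    text = f"{rule.get('from_contains', '')} {rule.get('subject_contains', '')}"
    return any(sender in text.lower() for sender in WATCHED_SENDERS)

def audit(rules):
    """Return (mailbox, rule name) for every rule worth an analyst's attention."""
    return [(r["mailbox"], r["name"]) for r in rules
            if targets_watched(r) and hides_mail(r["actions"])]

# Constructed sample rules.
RULES = [
    {"mailbox": "alice@example.com", "name": "Newsletters",
     "from_contains": "news@example.org", "actions": ["move:Newsletters"]},
    {"mailbox": "alice@example.com", "name": ".",
     "from_contains": "Amazon", "subject_contains": "order",
     "actions": ["mark_read", "delete"]},
    {"mailbox": "bob@example.com", "name": "Shopping",
     "from_contains": "amazon", "actions": ["move:Orders"]},   # benign filing
    {"mailbox": "carol@example.com", "name": "tidy",
     "subject_contains": "Your Amazon order", "actions": ["move:Deleted Items"]},
]

if __name__ == "__main__":
    for mailbox, name in audit(RULES):
        print(f"review rule {name!r} in {mailbox}")
```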


Price for "virtual identity"

The market price of a user's "virtual identity" ranges from $100 to around 100, and access to encryption files and Internet platforms appears to be the most valuable.

"The mere presence of at least one encryption-related profile nearly doubles the average profile value," says Allodi.

Another important factor that raises the price is the wealth of the country in which the user is located.

According to Campobasso, "This makes sense. Attackers are looking to impersonate and monetize user profiles that are likely to generate greater financial gain, which are mainly found in developed countries."

Also highly valued are user profiles that allow access to more than one service, and profiles with "real" fingerprints as opposed to fingerprints "made" by the platform.