Los data they are the goose golden eggs of the 21st century. A treasure that allows you to obtain information that is later used to sell us anything. It is one of the most coveted goods by large companies today to adapt their products to the habits and needs of customers. Experts estimate that it is a cake of 700,000 million euros. The relevance is demonstrated by the operations of giants such as Facebookwhich six years ago bought WhatsApp for more than 21.8 billion dollars (18 billion euros), or the one that closed a few years ago Googlewhen I acquired Youtube for 1,650 million dollars. These last two companies were fined precisely last year for violating privacy laws. In the case of the website dedicated to sharing videos, it collected information about children with advertising purposeswhile the search engine -object of the increased antitrust lawsuit from the US government in decades – collected millions of medical records in the United States without the knowledge of patients or doctors.
that there is a hidden trading of personal data It is a fact that should surprise few. And the Black Mirror episodes look less and less like science fiction. Proof of this is that in cybersecurity meetings we smell the aroma of a payment platform and they tell us that our security is at risk. At least the ‘online’ one. There are several different ones computer hacks that call into question online security. Recently TikTok, then Zoom or finally WhatsApp show that all applications are vulnerable. And the emergence of mobile phones brought with it numerous advantages, but also some that are not so advantages: applications and companies are capable of geolocating their users, knowing their tastes and their most daily habits, and also knowing how they spend their last paycheck. . This battle has had a new chapter in recent weeks with Brussels’ approval of the purchase of Fitbit by Google. Of course, with nuances. The European Union does not want the data provided by smart watches to fall into the wrong hands and will not be able to combine personal data for online advertising.
Data for less than the price of a coffee
For the first time, a study quantifies the value of data on the dark web, also known as Dark Web. These data are worth around 870 euros, according to the Universitat Oberta de Catalunya (UOC). Of course, this is an estimate, since there are no official figures. UOC Data Protection postgraduate professor Eduard Blasi explains that “in the Internet ecosystem, if we do not pay for it directly, we end up paying for it indirectly with our data or even metadata.” This expert makes a very revealing warning: “The belief that everything is free is a utopia.”
In the opinion of specialists, Internet products and services should be more transparent. This was the reason why in May 2018 the new EU data protection regulation. At that time, 71% of Europeans already shared their personal data on the internet, but only 15% felt they had control over that information, according to data from the European Commission. «What the legislation seeks when regulating data protection is ultimately to give the power of control and provision of data to the user, so that you have the possibility of knowing exactly what data you have on each site and being able to remove what you consider appropriate at any time. But in practice it is difficult to exercise absolute control over data, especially on free platforms. However, the incorporation of privacy principles in the design and by default of the new European regulation will undoubtedly make it easier for the user to regain this control over their data,” says Professor Eduard Blasi.
One of the most dangerous consequences when it comes to share personal data in public, whether voluntarily or involuntarily, is doxing, a type of cyberbullying that consists of using some personal information to damage reputation by selling it on the Darkweb. The Kaspersky researchers have analyzed the price that personal security can cost online and have discovered that access to sensitive data, such as medical history or identification information, can cost less than a coffee. Everything has a price, and so does data. And even more so when the majority have already lost account of the sites where they have set their password. So currently the phrase information is power gains even more strength in a hyperconnected world dependent on our technologies.
David Jacoby, senior security analyst at Kaspersky Lab, explained at a company convention that the value would be around three dollars per person if it is a Facebook, Xbox or Netflix account. Double that if what they want is one from Spotify, and up to ten dollars if we’re talking about AirBnB. The free options are not immune to hacking either, since obtaining a Skype user’s password costs just over half a dollar.
Awareness about privacy issues are increasingHowever, most of us only have a general understanding of why it is important, in fact, 41% of Spanish millennials consider that it is “too boring” to be a victim of cybercrime according to a survey carried out by the renowned international company dedicated to computer security. And this is not so. For example, doxing, which, in a way, is a method of cyberbullying, can affect any user who expresses themselves online or who does not coincide with the values of other users.
To better understand how users’ personal information could be used, Kaspersky has analyzed active offers on a dozen international Dark Web forums and markets. Research has shown that access to personal data can come at an exit price of less half a dollar for an ID, depending on the depth and breadth of the data offered. Some personal data continue to have the same demand as almost a decade ago – mainly credit card data, access to banking and electronic payment services – and their respective prices have not changed in recent years.
However, new types of data have also emerged. Personal medical records and selfies with personal identification documents are now included, priced up to $40 (33 euros). The increase in the number of photos with documents in hand and the schemes that use them also reflects a trend in the “cybergoods game.” The misuse of this data can have quite important consequences, such as carrying out malicious activities through identity theft.
The consequences of misuse of other types of personal data are also relevant. Data sold on the black market can be used for extortion, running scams and phishing schemes, and outright theft of money. Certain types of data, such as access to personal accounts or password databases, can be used not only for financial gain, but also for reputational and other types of social harm. «Social networks have made especially significant progress in this regard, as it is now much more difficult to steal a specific user’s account. That said, I think our research highlights how important it is to be aware that data is, in fact, for sale, and can be used for malicious purposes, even if one does not have a lot of money, does not express controversial opinions or does not “It’s very active online,” says Dmitry Galov, security researcher at Kaspersky’s GREAT.
Credit card details – 5 to 8 euros
Scanned driving licenses – 5 to 20 euros
Scanned passports – 5 to 12 euros
Subscription services – 0.5 to 6.5 euros
Identification (Full name, SSN, DOB, email, mobile) – 0.5 to 8 euros
Selfie with documents (passport, driving license) – 32 to 50 euros
Medical history – 1 to 25 euros
Online bank account – 1-10% of its value
PayPal account – 40 to 400 euros