You may have heard of Frank Abagnale. You definitely have if you read the article he wrote for the March/April 2003 issue of LP Magazine—or if you saw the 2002 movie Catch Me If You Can, starring Leonardo DiCaprio and Tom Hanks.
Abagnale was one of the most successful “pre-internet” con men. He was a master of identity theft, impersonator, and check forger. He escaped from authorities twice before he was 21 years old and later served time in prison, although it was fewer than five years. He went on to work for the federal government teaching them criminal fighting techniques and is now a successful consultant and lecturer.
Abagnale committed all his crimes the old-fashioned way—manually, and without the aid of the world wide web.
Fast forward to today. The world is vastly different than the one Frank Abagnale grew up in. Today, master scammers rely heavily on the internet to aid in their crimes. Many of their schemes are basic and easy to identify—if you know where to look.
But then there’s the dark web. Accessing information on the dark web is difficult for the average internet user due to its massive amounts of encryption that needs to be defeated to access it.
Because of this inaccessibility, the dark web has become a playground of modern-day scammers and thieves. The likes of Frank Abagnale have evolved into digital experts using the dark web to peddle guns, stolen credit cards, Social Security numbers, illicit drugs, all forms of personal identification and hardcore and sick pornography.
But, like Abagnale, sometimes modern kingpins of the dark web get caught.
Such is the case of Brett Johnson, dubbed by the US Secret Service as the “Original Internet Godfather.” Johnson created Shadowcrew, one of the first online forums to serve as a shopping service for all things illegal. Federal agents shut down Shadowcrew in 2004. For the next 10 years, Johnson was in and out of prison. He was once on the Secret Service’s most wanted list for stealing over $500,000 from ATMs that he had hacked.
Just like Frank Abagnale, Brett Johnson is now a consultant, helping law enforcement battle criminals, this time in cyberspace.
Johnson’s timing couldn’t be better. In 2017, there were 829 data breaches in the United States, exposing over two billion individual records. According to Javelin Strategy and Research, victims of those 2017 data breaches, victims lost nearly $17 billion.
The regular internet is accessible to all and is what most of us use every day. It’s different from the deep web. Access to the deep web takes user log-ins, but the content is mostly legal—it’s just not as easy to get in to. But the dark web is the devil’s playground. Access to the dark web is only available to those who have access to and use TOR (“the onion router”).
Ironically, TOR was developed by the US Navy to allow anonymous communications by intelligence agents.
Enter the bad guys.
Their main priority is online anonymity, and the onion router is perfect for their activities. All TOR transmissions are sent through multiple servers around the world (like layers of an onion) to disguise the sender. The deep web comprises only about .01% of the internet and uses crypto currency like bitcoins as the payment method of choice. Even at only .01% penetration, dark web sites like AlphaBay (taken down by the FBI in 20017) had over 200,000 users and took in between $600,000 and $800,000 a day, mostly from drug-related transactions.
As we know from previous articles in LPM Insider, “fullz”s (complete packages of everything needed to commit identity theft) are the most viewed and purchased items on the dark web. They’re priced between $20 and $130, depending on how “juicy” the content is. But sometimes even the dark web backfires on its sellers.
Huge data breaches have been known to compromise dark web content and flood the open market, this driving down prices. And it’s interesting how some dark web practices mimic legitimate marketplace tactics.
Similar to eBay’s process, dark web sellers often solicit and publish customer feedback so perspective buyers can evaluate the criminal’s reputation for delivering illegal stolen identity information as described. How’s that for honor among thieves?
Even with bad guys gone good like Brett Johnson helping law enforcement crack the dark web, it’s up to all of us to try and protect our personal information from cybercriminals.
So what to do? Here are three simple steps to start with:
- Freeze your credit. Done through the three major credit reporting agencies, it’s the best way to stop ID thieves from opening new accounts in your name. Sadly, studies have shown that only about 14 percent of adults have ever done this.
- Monitor your accounts. Sounds simple, but it’s not done as regularly as it should be (at least once a week). Alerts can be set up on many types of accounts to alert the owner of activity.
- Use a password manager. These digital services store all passwords in a secure online vault. They will generate complex passwords for each account and make them easy to use for the legitimate owner.
Scammers and con artists have some a long way since Frank Abagnale. As with life itself, the internet has changed everything in the world of fraud. The above steps to protecting yourself from cyber criminals only scratch the surface. Research the subject and take any and all steps necessary to protect your personal information and identity. Remember, masters of the dark web are out there watching.