Every year, massive data breaches harm the public. The targets are email service providers, retailers and government agencies that store information about people. Each breach includes sensitive personal information such as credit and debit card numbers, home addresses, and account usernames and passwords from hundreds of thousands, and sometimes millions, of people. When National Public Data, a company that does online background checks, was breached in 2024, criminals gained the names, addresses, dates of birth, and national identification numbers such as Social Security numbers of 170 million people in the U.S., U.K., and Canada. The same year, hackers who targeted Ticketmaster stole the financial information and personal data of more than 560 million customers. As a criminologist who researches cybercrime, I study the ways that hackers and cybercriminals steal and use people’s personal information. Understanding the people involved helps us to better recognize the ways that hacking and data breaches are intertwined. In so-called stolen data markets, hackers sell personal information they illegally obtain to others, who then use the data to engage in fraud and theft for profit.

The quantity problem

Every piece of personal data captured in a data breach (a passport number, Social Security number, or login for a shopping service) has inherent value. Offenders can use the information in different ways. They can assume someone else’s identity, make a fraudulent purchase, or steal services such as streaming media or music. The quantity of information, whether Social Security numbers or credit card details, that can be stolen through data breaches is more than any one group of criminals can efficiently process, validate, or use in a reasonable amount of time. The same is true for the millions of email account usernames and passwords, or access to streaming services that data breaches can expose.
This quantity problem has enabled the sale of information, including personal financial data, as part of the larger cybercrime online economy. The sale of data, also known as carding, references the misuse of stolen credit card numbers or identity details. These illicit data markets began in the mid-1990s through the use of credit card number generators used by hackers. They shared programs that randomly generated credit card numbers and details and then checked to see whether the fake account details matched active cards that could then be used for fraudulent transactions. As more financial services were created and banks allowed customers to access their accounts through the internet, it became easier for hackers and cybercriminals to steal personal information through data breaches and phishing. Phishing involves sending convincing emails or SMS text messages to people to trick them into giving up sensitive information such as logins and passwords, often by clicking a false link that seems legitimate. One of the first phishing schemes targeted America Online users to get their account information to use their internet service at no charge.

Selling stolen data online

The large amount of information criminals were able to steal from such schemes led to more vendors offering stolen data to others through different online platforms. In the late 1990s and early 2000s, offenders used Internet Relay Chat, or IRC channels, to sell data. IRC was effectively like modern instant messaging systems, letting people communicate in real time through specialized software. Criminals used these channels to sell data and hacking services in an efficient place.
In the early 2000s, vendors transitioned to web forums where individuals advertised their services to other users. Forums quickly gained popularity and became successful businesses with vendors selling stolen credit cards, malware, and related goods and services to misuse personal information and enable fraud. One of the more prominent forums from this time was ShadowCrew, which formed in 2002 and operated until being taken down by a joint law enforcement operation in 2004. Their members trafficked more than 1.7 million credit cards in less than three years. Forums continue to be popular, though vendors transitioned to running their own web-based shops on the open internet and dark web, which is an encrypted portion of the web that can be accessed only through specialized browsers like TOR, starting in the early 2010s. These shops have their own web addresses and distinct branding to attract customers, and they work in the same way as other e-commerce stores. More recently, vendors of stolen data have also begun to operate on messaging platforms such as Telegram and Signal to quickly connect with customers.

Cybercriminals and customers

Many of the people who supply and operate the markets appear to be cybercriminals from Eastern Europe and Russia who steal data and then sell it to others. Markets have also been observed in Vietnam and other parts of the world, though they don’t get the same visibility in the global cybersecurity landscape. The customers of stolen data markets may reside anywhere in the world, and their demands for specific data or services may drive data breaches and cybercrime to provide the supply.

The goods

Stolen data is usually available in individual lots, such as a person’s credit or debit card and all the information associated with the account. These pieces are individually priced, with costs differing depending on the type of card, the victim’s location and the amount of data available related to the affected account.
Vendors frequently offer discounts and promotions to buyers to attract customers and keep them loyal. This is often done with credit or debit cards that are about to expire. Some vendors also offer distinct products such as credit reports, Social Security numbers and login details for different paid services. The price for pieces of information varies. A recent analysis found credit card data sold for $50 on average, while Walmart logins sold for $9. However, the pricing can vary widely across vendors and markets.

Illicit payments

Vendors typically accept payment through cryptocurrencies such as Bitcoin that are difficult for law enforcement to trace. Once payment is received, the vendor releases the data to the customer. Customers take on a great deal of the risk in this market because they cannot go to the police or a market regulator to complain about a fraudulent sale. Vendors may send customers dead accounts that are unable to be used or give no data at all. Such scams are common in a market where buyers can depend only on signals of vendor trust to increase the odds that the data they purchase will be delivered, and if it is, that it pays off. If the data they buy is functional, they can use it to make fraudulent purchases or financial transactions for profit. The rate of return can be exceptional. An offender who buys 100 cards for $500 can recoup costs if only 20 of those cards are active and can be used to make an average purchase of $30. The result is that data breaches are likely to continue as long as there is demand for illicit, profitable data.

This article is part of a series on data privacy that explores who collects your data, what and how they collect, who sells and buys your data, what they all do with it, and what you can do about it.

Thomas Holt is a professor of criminal justice at Michigan State University. This article is republished from The Conversation under a Creative Commons license.
Category:
E-Commerce
What does the future hold for business leaders and entrepreneurs? With a rapidly changing world, how does one navigate a path to success? To get a better sense of where we are heading, I caught up with Futurist Joana Lenkova of Futures Forward, who shares insight on how leaders should be thinking about the future of their business.

Q: Tell me a little bit about yourself and what a futurist does?

Joana Lenkova: I have a background in brand, strategy, innovation, and foresight within large corporations like The Walt Disney Company and now the LEGO Group. In 2019, I founded Futures Forward, my own consultancy, which allows me to work not only with corporations but also with nongovernmental organizations, start-ups, and governmental institutions to imagine better futures for them.

Q: How should business leaders and entrepreneurs be thinking about AI and the tools available to them now?

Lenkova: For me the more interesting question isn’t which tools we are using, it’s what these tools are enabling us to do. We live in an age of radical accessibility. Entrepreneurs and professionals today have easy access to low or no-code platforms, AI assistants, a global freelance talent pool, and direct-to-consumer distribution platforms. I think the real shift is in speed, access, autonomy, and with AI it’s agency. What used to require full teams and big capital can now be prototyped by one person over a weekend.

Q: What about people who are about to start a company now? What advice would you give them as they consider using all this new technology?

Lenkova: I have been thinking a lot about that because we tend to get enamored by technology. But what is the one thing that is as important today as it was in the past? Even though these tools have evolved, what really matters hasn’t changed. It’s still about having a clear vision, the ability to adapt, and to solve something meaningful.
So, somebody launching a business now, you should really ask yourself, what is the real human need that I’m going to be serving? A lot of times businesses start from a technology, you know, let’s develop this and let’s experiment and prototype and see where it takes us. But in the end, it will be successful if it can be a solution for a meaningful future need.

Q: How should business leaders and startup founders be thinking about building teams as many roles are now aided or replaced by AI?

Lenkova: I think starting with the problem and not with the technology you use. Perhaps choose to hire versatile hybrid thinkers instead of deep specialists, especially when you need innovative solutions and quick adaptability as a business. Of course, the context is important. But that’s exactly how futurists think: we look for cognitive diversity. There is interesting work from Scott Page, whose research shows that diverse groups of people can outperform homogenous groups of experts. Leaders sometimes tend to hire people who confirm their own biases unconsciously, but that’s not healthy. You need people who can shine a light on your blind spots, not those who agree with you.

Q: Do you think we are living in a time where we will witness the first solopreneur who utilizes technology and AI to become a billionaire?

Lenkova: I wonder if we already have. With creators like MrBeast, for example, who are building these personal media brands in such a different way, creating new IPs, licensing, content, and product lines. Solopreneurs are super enabled today to reach vast global audiences and it can happen overnight using the available tools smartly. But the more interesting thing to me is that there is a shift in values. I really wonder if the next generation of founders are going to aspire to be billionaires in terms of dollars, or maybe this is just a hopeful scenario that I’m living in, that they would want to measure their success by impact or by freedom.
So maybe the first billionaire solopreneur will choose not to be one in the traditional sense.

Q: Do you think we are heading in a direction where everyone will eventually need to become an entrepreneur or self-employed?

Lenkova: Not necessarily, but we are in a world where entrepreneurial thinking is essential, even inside large companies. I think there definitely will be more experiments in new forms of governance. On one hand the change will manifest in a stronger connection to purpose, keeping the commercial organization structure but looking to generate value across people and planet in addition to profit. I see this in the future as a hygiene factor. Think regenerative systems. On the other hand, we’re also seeing more importance placed on community-led brands, experiments with decentralized forms of governance, etc. But to allow for these changes, you have to remember that the legacy systems and ways of incentivizing governance boards and employees will have to change as well.

Q: Anything you’d like to share with people launching a business right now?

Lenkova: Yes, don’t just build a product, build a worldview, have a purpose. It isn’t enough to sell products, you really have to make positive change to humans, to the planet, to the community. Think about regenerative practices and look at multiple future scenarios. Think about what the world may look like, what you’d like the world to look like, and make it happen. Think about the future needs of your stakeholders and build solutions for those. What do you believe about the future that others don’t yet see? Let that be your compass.

Maureen Brown is co-founder and CEO of Mosie Baby.
Butler/Till was introduced to the idea of becoming a B Corp in 2015 when we acquired a small marketing consultancy that did a lot of work in the energy space. Being a B Corp was really important to those employees, and with just a little bit of homework, we realized that the values involved in the certification process were the same values we’d woven into our DNA since our founding. The B Corp designation has become a kind of shorthand for a purpose-driven company that balances profits with people and the planet. The designation is not 100% altruistic, nor should it be. B Corps are for-profit companies that believe you can do business for good and that your employees, your clients, and your business all benefit when you do. We are just finishing up the recertification process, which is required every three years. While it can be a challenging process, it pushes us to reevaluate our commitment to corporate social responsibility across five areas: community, governance, customers, environment, and workers. At Butler/Till, this is not a top-down process; it is spearheaded by a dedicated committee of employees who want to ensure we stay true to our values every day.

The problem with B Corp certification

In recent years, B Corp certification has come under fire from within the community. In 2022, a group of B Corp organizations sent an open letter to B Lab, the nonprofit organization behind the process, protesting the certification of a multinational company with a history of child labor issues and anti-environmental practices. The letter pointed out flaws in the certification process, suggesting it had become susceptible to exploitation for greenwashing purposes and demanding changes. In response, B Lab acknowledged these concerns and published a set of new rules in April to rectify the situation. While the rewriting of these rules took longer than expected, Dr. Bronner’s, one of the companies that signed the letter in 2022, decided not to wait.
Earlier this year, the company publicly announced it would be relinquishing its B Corp status when it expires near the end of 2025 and that it would be taking the B Corp logo off of its products. The founders explained, “Sharing the same logo and messaging regarding being of benefit to the world with large multinational CPG companies with a history of serious ecological and labor issues, and no comprehensive or credible eco-social certification of supply chains, is unacceptable to us.” I applaud their conviction for a just and sustainable planet, but I think their decision to denounce the system rather than stay and fix it is shortsighted. The letter pointed to other highly successful companies committed to justice and sustainability, notably Patagonia and Ben & Jerry’s, as examples of those doing it right. The not-so-subtle message here is that the 8,000+ companies that have invested the time and resources to become certified B Corps are not doing it right or not doing enough.

Work together to do good

This “you can’t be us” message is the opposite of the inclusivity organizations seek when they commit to becoming a B Corp. We’re in a moment in this country when companies face backlash for DEI efforts, and the need for corporate social responsibility of any kind is being questioned. This is not the time to give up on efforts to do business in a better way. If anything, employees need us to lean in more than ever. The B Corp values of working together to do good are engraved into our ethos. We make a conscious effort to create an environment where people get to do their best work, feel fulfilled, acknowledged, and respected, and earn a good living doing it. We are also a 100% ESOP (Employee Stock Ownership Plan), meaning that the company is fully employee-owned. This keeps us independent and allows us to make decisions that are truly in the best interest of our clients and also happen to be in the best interests of our employee-owners.
We’ve also committed to spending a certain portion of our dollars with like-minded, minority-owned, women-owned businesses, including other B Corps and other ESOPs. Social good is ingrained in everything we do. B Corp certification helps us solidify and display that commitment to our employees, our clients, our partners, and our community. Giving that up because the process is not perfect would be steps backward versus forward.

Throwing away certification isn’t the answer

It’s easy to call people out (it’s practically all anyone does on social media these days), but purity tests aren’t useful. B Lab’s process may certainly be flawed. Companies are scored in each area, and then the results are averaged. This means a low score in one area, like customers or governance, could be essentially ignored if the scores in other areas were high enough. I certainly hope that B Lab’s new rules fix this glaring error in calculation, but throwing the certification away entirely is not the answer. The truth is that most companies do not meet the existing metric. Isn’t it better to call them in versus out and give them something to strive for than to declare that there’s a small club of pure companies out there that they can never belong to, even if they try?

Kimberly Jones is CEO of Butler/Till.