Kevin M. Guskiewicz President at Michigan State University | Official website
Kevin M. Guskiewicz President at Michigan State University | Official website
Every year, data breaches expose sensitive personal information such as credit card numbers, addresses, and passwords. These breaches affect a wide range of targets, including email service providers, government agencies, and commercial retailers.
Tom Holt, a professor at Michigan State University’s School of Criminal Justice in the College of Social Science, studies how hackers and cybercriminals misuse private information in stolen data markets. He provides insights into the implications of stolen data.
Holt explains that "every piece of personal data captured in a data breach — a passport number, Social Security number or login for a shopping service — has inherent value." This information can be used for identity theft or fraudulent purchases. In the early 2000s, web forums became popular venues for selling stolen credit cards and malware.
The demand for stolen personal data is high because the volume of information available from breaches exceeds what any single group can process efficiently. This has led to an online economy where personal financial data is sold as part of larger cybercrime operations.
Data sales often occur through "carding," which involves misusing stolen credit card numbers or identity details. Illicit markets began in the mid-1990s with credit card number generators. ShadowCrew was one notable forum trafficking over 1.7 million credit cards before being shut down by law enforcement in 2004.
Today, vendors operate web-based shops on both the open internet and dark web using specialized browsers like TOR. Messaging platforms such as Telegram and Signal are also used to connect with customers quickly.
The operators of these markets are often cybercriminals from Eastern Europe and Russia. Customers may reside globally and drive demand for specific data or services that lead to further breaches. Vendors offer discounts to attract buyers using soon-to-expire cards.
Holt notes that "data breaches are likely to continue as long as there is demand for illicit, profitable data." The profitability incentivizes ongoing breaches since offenders can recoup costs easily if only a fraction of purchased cards are active.
As director of MSU’s Center for Cybercrime Investigation and Training, Holt's research aims to reduce threats from these markets by assessing the impact on Michigan residents who experience data loss. The center develops awareness campaigns and provides free training to local police on responding to cybercrimes like carding and online fraud.
Alerts Sign-up