Have you ever wondered where your credit card number goes when a big company like Target or Yahoo gets hacked? Chances are it winds up on something called the dark web. Stephen Cobb, senior security researcher at cybersecurity company ESET recently wrote about how dark markets where stolen credit card data are bought and sold have “evolved” in recent years. Cobb took Marketplace host Kai Ryssdal on a guided tour of the dark web to demonstrate why cybercrime is easier than ever before.
They used Duck Duck Go, a search engine that provides more anonymity than Google and a Tor browser, an anonymity service, to find information about accessing dark markets.
“Just to be clear” Cobb said, “if you were a serious bad guy, you would probably also be running over what we call a virtual private network and you'd be running a really good piece of security software. But basically, you would use the search engine and you would search for dark markets.”
Cobb guided Ryssdal to Dream Market, a popular marketplace that makes it easy to browse illegal goods for sale such as scans of driver's licenses, bundles of stolen credit card data, which are called "dumps," and ransomware.
Not only was it possible to filter and search for a variety of products on Dream Market, but it offered escrow services, product reviews, shipping information and vendor disclaimers.
“There's a whole advertising side to it as well that's a very colorful part of the market because banner ads for credit card theft tend to be quite extreme,” Cobb said. Here are some examples of banner ads on the dark web:
Click the audio player above to hear Kai Ryssdal's guided tour of the dark web.
Correction (Jan. 2, 2019): A previous version of this story misspelled Anna Keeve's name.
“I think the best compliment I can give is not to say how much your programs have taught me (a ton), but how much Marketplace has motivated me to go out and teach myself.” – Michael in Arlington, VABEFORE YOU GO