Have you ever wondered where your credit card number goes when a big company like Target or Yahoo gets hacked? Chances are it winds up on something called the dark web. Stephen Cobb, senior security researcher at cybersecurity company ESET recently wrote about how dark markets where stolen credit card data are bought and sold have “evolved” in recent years. Cobb took Marketplace host Kai Ryssdal on a guided tour of the dark web to demonstrate why cybercrime is easier than ever before.
They used Duck Duck Go, a search engine that provides more anonymity than Google and a Tor browser, an anonymity service, to find information about accessing dark markets.
Stephen Cobb, a security researcher at the cybersecurity company ESET, in his San Diego office waiting to show Marketplace host Kai Ryssdal around the dark web.
“Just to be clear” Cobb said, “if you were a serious bad guy, you would probably also be running over what we call a virtual private network and you’d be running a really good piece of security software. But basically, you would use the search engine and you would search for dark markets.”
Cobb guided Ryssdal to Dream Market, a popular marketplace that makes it easy to browse illegal goods for sale such as scans of driver’s licenses, bundles of stolen credit card data, which are called “dumps,” and ransomware.
Not only was it possible to filter and search for a variety of products on Dream Market, but it offered escrow services, product reviews, shipping information and vendor disclaimers.
“There’s a whole advertising side to it as well that’s a very colorful part of the market because banner ads for credit card theft tend to be quite extreme,” Cobb said. Here are some examples of banner ads on the dark web:
Examples of banner ads on the dark web.
Click the audio player above to hear Kai Ryssdal’s guided tour of the dark web.
Correction (Jan. 2, 2019): A previous version of this story misspelled Anna Keeve’s name.