Receive our updates
sharing market insight,
analysis and expert opinion.

A new era in protecting your digital footprint

Consumers and business alike are at constant threat of their personal data being collected and traded amongst criminals within a “Shadow Economy”.  Lifestyle Services Group look at what trends are emerging relating to personal data related crime and provide an insight into what happens when your data falls into the hands of the cyber criminal.  

The trading of personal data by organised criminal gangs which is then used to commit fraud against individuals and corporate organisations has become one of the fastest growing crimes in the world.  Recent high profile cases such as the Sony database hacking has made the general public more aware about the risk of their personal data getting into the hands of criminals focused on using it to fraudulently obtain cash or even to fund other criminal activity, such as terrorism and drug trafficking.

In the early days of identity fraud, concerns were focused on criminals gathering personal data through techniques including raiding bins, trading stolen passports and driver licences and online phishing.  Times have now changed and although these are still methods through which personal data can be collected, people are now living their lives more mobile and online and leaving an increased digital footprint behind them, as a consequence the main and wider threat now comes from two main sources:

• Malware viruses being placed on PCs and laptops, silently collecting data and feeding it back to criminals.
• Hacking into major institutional databases, collecting thousands and sometimes millions of data records at a time.

By collect personal data via these methods criminals are able to build massive databases, slowly building up individual data profiles until they have enough information to successfully apply for financial credit under someone’s identity or indeed via a fake identity.

The scale of the problem

In February, the Cabinet Office released a report^[1] that estimated the total cost of digital related crime to be £27bn per year. This included £3.1bn of crime suffered by individuals through online scams and identity theft techniques like those mentioned above, and £2.2bn of fiscal fraud.   The growth and threat of cyber based crime has forced the Government to increase cyber threats to one of only four “Tier One” risks to UK security and invest £650million in a national programme aimed at addressing the issue.  Worryingly, however there is little awareness of the potential impact on business and individuals with no national strategy in place across both public and private institutions. 

Understanding the main threats to consumers

While there are still risks of an individual having information stolen via lower impact methods of data theft such as bin raiding, the main threat now and into the future most definitely comes from more mass market methods.

The Malware threat

Malware virus attacks are on the increase.  Latest estimates show that there are over 1 million new viruses attacking personal and commercial computers every year in the UK.  The common defence against these attacks are Firewalls and Anti Virus software placed directly on the PC. Unfortunately, Anti Virus software is only as good as its last release and staying one step ahead of the Malware developers is proving impossible, leaving consumers and businesses alike exposed to new viruses on a daily basis. 

Malware attacks on smartphones are an emerging and increasing trend which act as a serious threat to the security of an individual’s data.  Smartphone malware attacks have reportedly increased by 250% over the first 6 months of this year – however consumers are not aware of the need to protect their smartphone in the same way as they do their PC.  This opens a huge opportunity for the criminals to send viruses to sit undetected on the smartphone and capture personal login and transactional data.

Claus Villumsen, CTO at BullGuard – one of the UK’s leading anti virus software developers adds that “We know that less than 8% of smartphone users actually use security software on their phones, although most people engage in high risk behaviour on their phone – a recent BullGuard survey revealed that 61% update their social media profiles and 24% conduct banking activities through their phones. We also know that most of the malware infecting phones is spyware, infecting the device with the sole purpose of harvesting passwords, bank details and contact information. The point of spyware is that it operates covertly to avoid detection by the user. Only security software can detect it. ”

The hacking threat

The hacking of institutional databases is news that we hear on a regular basis.  The most recent high profile case of this involved Sony where millions of customers’ data was allegedly stolen and being traded within a shadow economy.  The reality is that an individual’s personal data is stored on thousands of separate databases at any one time, and as it’s estimated that thousands of institutional hacking attacks take place each day, there is a very real threat that everyone’s data will at some point be hacked and then traded amongst criminals.  

With millions of records at stake, institutional hacking can prove to be a very lucrative and efficient way of building large volume databases that can be split up and sold to bespoke requirements. 

This form of data breach also highlights that no matter what self precaution activity an individual takes to protect their own data, they are now also reliant on the security capabilities of each and every database on which they sit. 

An underworld Direct Marketing industry

The “Shadow Economy” of trading personal data acts very much like direct marketing businesses, building up data from different sources to create a full profile of any number of individuals.  When there is enough data on which to act they will sell it on to another party – who will then turn that personal data into cash by applying for credit under another’s identity and use it to buy and then sell consumer goods.

The organisation of such data trading is both sophisticated but yet simplistic.  Sophisticated in the sense that criminals involved in the data trading are hard to track, well organised, disciplined and spread disparately across the globe crossing many Law enforcement jurisdictions.   However there is nothing complex about how they transact and communicate, often via email accounts, ftp sites and chat rooms which act as virtual street corners. 

Lifestyle Services Group have recently partnered with Identity Intelligence, a company which hold a unique position in the fight against this criminal activity. They use human intelligence and detection techniques to intercept files of data that are actively traded in the shadow criminal economy.

Colin Holder a Director of Identity Intelligence explains: “Knowing the habits of these criminal data traders, how they interact and the methods through which they transact is the key to intercepting data that will at some point be used to commit fraud. Over the past 7 years we have been monitoring this criminal activity and have built up a database of over 500 million compromised data records, all of which have been, are currently or will be used to commit fraudulent transactions.”

Colin’s extensive knowledge on this matter comes from his time as a Detective within the Fraud Squad based at Scotland Yard. He adds: “Although the police have dedicated fraud functions that work to combat the issues and deliver new prevention strategies, the problem is just too big to solve. The organisation and global nature of these groups means that coordination between legal authorities across the world is such a massive task.”

In recent years consumers have been presented with Identity Theft Protection products that allow monitoring of credit reports to help them detect if their personal data is being used to create additional lines of credit for criminal use.  However the problem of data trading does not just create problems in credit line applications. The growing issue is the build up of hundreds of millions of personal data records being traded over and over again that can enable someone to take over many other aspects of an individual’s life. As we live more of our lives via technology, sharing more data online through PCs and smartphones, these risks are set to compound. 

Rosemary O’Neil, Privacy Product Innovation Manager at Lifestyle Services Group concludes: “We face a growing problem and constant battle to stay as close to the shadow economy as we can.  The best form of personal defence against this problem is early detection of your data having been compromised and then support in understanding what to do about it.   The breadth of intelligence that is required just to keep up with the criminals is immense, however by working with Identity Intelligence there is a great opportunity for Lifestyle Services Group and the counter fraud community to create a better awareness of the problem.”

As part of their continued focus on delivering solution to support the mobile life, Lifestyle Services Group and Identity Intelligence are collaborating to bring an alternative and unique solution to the UK market to help individuals identify whether any of their personal data is currently being traded within the Shadow Economy, and more importantly what they need to do about it.  For more information on Lifestyle Services Groups Data Monitor powered by Identity Intelligence please contact us by clicking here.

What's new...