The unreliability of scary hacking statistics from the dark web
A bevy of news stories and researchers will tell you that hackers sell personal data for frighteningly small amounts of money on the dark web. According to a new report from Terbium Labs, those statistics might be well-intentioned but are almost certainly not helpful to understanding the issue.
Why it matters: Reports about how much money credit cards cost in criminal markets don't tend to use consistent definitions — there's no way to draw any meaning from a report last year saying card information costs $5 and one today saying it costs $10.
- Costs vary for any number of reasons, Emily Wilson, Terbium fraud intelligence manager, tells Axios.
- Shoppers can buy in bulk. The older the cards are, the more likely they are to have been canceled. There are Black Friday sales. "There are markets that are more like big box stores and more like boutiques," says Wilson.
Adding rigor: Bringing scientific rigor and consistent definitions could be really useful. We don't know, notes Wilson, if the prices go back up after Black Friday or how law-enforcement actions or service disruptions change costs.
- Until there's more consistency, Wilson will see these studies more as a marketing tool than a useful fact-finding operation.
- "We need to stop doing what's easy and start doing what's right. Right now these are selling fear," says Wilson.