Our personal data is being bought and sold online at alarming rates. But where does all this data come from, and what exactly is it used for? Let’s take a look at how your data ends up in the open market.
Web Scraping
Web scraping is a process that involves using bots in order to access websites and collect specific data from the pages they visit. This process is known as crawling. Web scrapers can be deployed for a number of reasons. For example, Google uses crawling bots to help it more accurately categorize the pages by gathering metadata from them. Alternatively, a website that compares the prices of different insurance packages, or anything else for that matter, will scrape other websites to get the comparison data that it needs.
Web scraping can help you gather large volumes of data from any publicly available source. However, if data is hidden behind some kind of authentication or login, it can only be relieved if the scraper has access to the system. This has created a market for businesses that are able to sell access to their data without actually having to part with their data.
Open-source Intelligence
Open-source intelligence refers to the use of openly available data for intelligence purposes. In this case, intelligence doesn't necessarily have to relate to national security or espionage, although plenty of open data sources are being used for this purpose. A much more common use case would be corporate espionage, which can utilize openly available data to gain insights into other businesses.
One of the problems with using open-source data for intelligence purposes is something called data overload. Put simply, it is possible to gather too much data, so much that it becomes difficult to draw any meaningful conclusions from it. As a result, most of the tools that now exist to facilitate open-source intelligence data-gathering aim to help security professionals focus on specific areas of interest.
Public data sources make it easy for anyone who knows what they are doing to gather as much data as possible about their targets. This data can then be analyzed and combined to discover things that the subject had never intended to share with other people in an open forum.
Selling Leaked Data
Besides scraping data from publicly accessible sources, you can also purchase personal data with ease on the dark web. Let's say that you are a cybercriminal targeting a specific individual. You know that this person uses Spotify and Facebook, but you don't have any other information about them. If you turn on the news and discover that Spotify and Facebook have both been hit by serious data breaches, you might just be in luck. The information stolen in these breaches will inevitably appear in the dark web. You can purchase access to it, or perhaps even specific entries from it, for a very small price.
If the data includes passwords for either service, you could try to use the password you have with Spotify or Facebook to see if the target used the same ones for all their apps. You might also gather some interesting personal information from their Facebook data that will let you get the answers to the security questions for other services. By combining different pieces of data, attackers can turn seemingly innocuous personal details into much more useful information.
De-anonymizing Data
A lot of people feel a false sense of security knowing that their data is anonymized. Anonymized data is any data that cannot be tied back to a specific individual. In order to be truly anonymized, the data that is held about specific individuals should be broken up into parts. If the data is still grouped together, it becomes very easy to de-anonymize it.
De-anonymization is the process of taking anonymized data and pairing individual data points with individual identities. You don’t necessarily need to know who the data concerns in order to de-anonymize it. De-anonymization is a complex process, but anyone can do it given the necessary resources.
By using a technique known as fingerprinting, it is possible for advertisers to track what all of us do online, no matter what steps we take to prevent it. In order to de-anonymize internet users, fingerprinting uses a wide range of data (i.e. the resolution of the browser window) to build individual profiles with startling accuracy.
If you were to sell your own data, you wouldn’t be able to make much money out of it. Even if you found the perfect buyer, your private data isn’t worth very much when you sell it this way. However, no matter how hard you try to keep your data safe, there are always going to be people looking to get their hands on it.
0 Comments