It’s no secret that fraud is prevalent on the internet, from phishing scams to loyalty account takeovers. But what happens after a fraudulent loyalty account takeover? To start, hackers often take to the Dark Web, the often seedy underbelly of the internet where they can auction off stolen loyalty account logins, points and miles, even merchandise that they’ve fraudulently redeemed.
Our loyalty fraud team recently partnered with Dark Web expert Jason B. Lancaster, Director of Security Research at SpyCloud to take a deeper dive into the Dark Web. As part of our loyalty fraud prevention series, this blog aims to help educate loyalty program managers on the ins and outs of the Dark Web, and how it contributes to loyalty and rewards fraud.
What is the Dark Web?
Let’s start with three key components that make up the Dark Web.
- Deep Web – The Deep Web is a series of websites not indexed by search engines. The Deep Web requires users to input data to gain access to site information, personal data such as medical records that require specific logins, online bank accounts, or subscription-based services.
- Darknet – The Darknet is the encrypted network that hosts the Dark Web.
- Dark Web – The Dark Web is comprised of services and websites, running on the Darknet, that use encryption and anonymizing software to hide its users and data.
Dark Web: Good vs. evil
The Dark Web has a largely negative reputation. When most people hear “Dark Web,” they immediately think of highly publicized crime rings and underground internet scams. While that type of activity does unfortunately occur on the Dark Web, there are also a number of legitimate, non-criminal reasons to access the Dark Web.
Internet users who need to obscure their web traffic for safety reasons, for example, use the Dark Web. Opponents of oppressive regimes around the world that have historically imprisoned activists, journalists and dissidents for sharing information or speaking out publicly against a particular government or regime often turn to the Dark Web. By accessing the internet via the Dark Web, users can freely access and share information with less fear of being caught or imprisoned. In fact, clear web providers such as Facebook have begun offering services on the Dark Web.
The Dark Web & loyalty fraud
Not all activity on the Dark Web is legitimate, however. The anonymity provided by these networks has attracted others (read: criminals) looking to hide their internet traffic from governments, mainly law enforcement agencies. Many markets and forums come and go on the Dark Web, enterprises that sell illicit services and stolen goods, such as loyalty account information and rewards points, miles and merchandise.
Accessing the Dark Web using Tor
Anyone can access the Dark Web with the Tor browser, a preconfigured Firefox installation that handles everything for its users. Simply install the Tor browser and navigate to a .onion site to access sites on the Dark Web. (Note: A Virtual Private Network [VPN] can also be used to obfuscate the origin of its users, however VPNs cannot access the Tor network, so .onion sites hosted there are inaccessible).
Anonymity, encryption & the Dark Web
According the Tor Project, the Tor network is a group of volunteer-based servers that allow people to “improve their privacy and security on the internet.”
Tor encrypts data to and within the Tor network, but not once it exits the Tor network (leaves a .onion site). Tor relays are used to anonymize the traffic source. Its users employ this network by connecting to a series of virtual tunnels rather than making a direct connection from one network to another. In other words, Tor’s tunnels (called nodes or relays) are run by volunteers: thousands of people who have volunteered their computer, server or network to be part of the traffic that passes through the Dark Web.
Is the Dark Web truly “anonymous?”
Networks like Tor provide anonymity – to an extent. Because traffic on the Dark Web is essentially bouncing from server to server, network to network, it becomes increasingly difficult to track the original traffic source (IP address or location of an individual user).
However, no system is perfect, and like anything else, there is no absolutely secure state.
Loyalty account takeover & rewards fraud on the Dark Web
There are thousands of sites hosted within the Dark Web (beyond those in the Tor network which use .onion addresses). These sites provide access to many different marketplaces, some with search engines to help users find them and navigate to specific “products and services.”
Loyalty accounts are among the “products” sold illegally on the Dark Web. Criminals make money off of loyalty program accounts in two primary ways:
- Selling login credentials – Thieves take over a loyalty program account and sell the login credentials so that the buyer can then transfer loyalty points (or whatever form of reward is saved in the compromised account) to another account.
- Cashing in stolen points – Thieves take over a loyalty program account and use the points to purchase rewards (e.g. airline miles, gift cards, merchandise) and either keep the reward for themselves or sell the reward on marketplaces like eBay or Craigslist.
Most often, loyalty account credentials are taken over via individual account takeovers (one at a time). However, breaches of entire organizations also can occur.
And because loyalty fraud carries such a high price tag, it’s imperative that loyalty program managers understand the ins and outs of loyalty fraud and best practices to protect their most valuable asset – loyal customers.
Subscribe to our blog to stay tuned for part two in our series on the Dark Web which will further explore what happens to loyalty account data after a breach as well as best practices to help program managers keep their rewards members safe.