Friday, September 11, 2009

Symantec tool calculates your data's value to thieves

It's no secret that criminals are stealing credit card and bank account data and selling it underground. But most people would find it shocking to learn just how little their sensitive personal information costs.

Symantec on Thursday is launching its Norton Online Risk Calculator, a tool that people can use to see how much their online information is worth on the black market. The tool also offers a risk rating based on demographics, online activity, and estimated value of online information.

I tried the tool when I was initially briefed on it a few months ago and was surveyed about my gender and age range; online assets (including credit card and bank account data, brokerage accounts, e-mail accounts, and social network accounts) and an estimated value of all that information; whether I use security software; how cautious I am when online; and how much I think my information is worth.

I use security software (and do my financial transactions mostly on a Mac at home), am fairly cautious while Web surfing, and didn't put a high dollar figure on the value of my digital information. My security risk turned out to be 37 percent, or medium, and the black market worth of my online assets was calculated to be US$11.29.

Those figures didn't change when I modified the gender, age, and estimated value of the data. A recent Microsoft Research report concludes that stolen data offered for sale in underground IRC channels is difficult to monetize because of all the--get this--con artists there.

Regardless of whether the underground revenue figures are overblown, the data is being harvested, sometimes in huge batches, during data breaches at large payment processors, and there is a market for it.

It's discomfiting to think a criminal could pay as little as US$11 to get access to my sensitive personal data for identity fraud purposes, while I could end up spending lots of energy and time--years even--reporting the crime, trying to fix my credit rating, and getting my life back to normal.

Symantec isn't trying to scare consumers with the Norton Online Risk Calculator, but to raise awareness of the risks, said Marian Merritt, Internet safety advocate at Symantec.

"We still find consumers who think using just antivirus is sufficient," she said. Merritt recommends that people use security suites that offer antivirus, firewall, and intrusion detection and prevention software, as well as keep their operating system and browsers updated.

No comments:

Post a Comment