When it comes to stolen confidential data, the imagination conjures up hackers, dishonest businessmen, or government officials. But it turns out that all it takes is a small amount of money.
Farnsworth Intelligence, founded by 23-year-old Aidan Rainey, does not hide its activities. It sells data on a website called Infostealers.info (infostealers are malicious programs that steal data from a device without being noticed). According to the study 404 Media, a purchase of $50 or more provides access to the database personal data of citizens of all US states and many countries and the world, searchable.
This is not the usual basic data that can be easily found on open sites with user profiles. This is likely to be information obtained directly from data breaches or stolen from companies and services in ways that are considered criminal in almost every country. An almost complete set of data is available for viewing, including usernames and passwordsthat a person uses.
The functionality is supposedly available not unconditionally, but to anyone who can give a good reason. The list of allegedly legitimate uses that Farnsworth accepts includes «private investigations, intelligence, journalism, law enforcement, cybersecurity, compliance, intellectual property/brand protection». There is no mention of a warrant required to access information. Moreover, the company openly boasts of rather dubious actions.
«We’re known for our intelligence capabilities — we successfully infiltrated a North Korean laptop farm using social engineering techniques and successfully extracted intelligence that saved companies millions of dollars»,” the advertorial reads. Despite the fact that it is about the DPRK, this does not look like something legitimate.
Finding stolen personal information is relatively easy because databases of millions of people often end up in the darknet. There are also legitimate reasons to locate and catalog these databases: for example, security companies may do so to notify their customers when their passwords are leaked. But this is a trade that has probably been given only a superficial appearance of legitimacy.
«Simply put, this company profits from selling stolen data by re-victimizing people whose personal devices have already been compromised and data stolen. This data is likely to be used to further harm people: police use it for warrantless surveillance, stalkers use it to gather information about their victims, high-level fraud, and other malicious motives»»,” Cooper Quintin, senior public interest technologist at the Electronic Frontier Foundation (EFF), told 404 Media.
The 404 Media website requested a comment from Farnsworth Intelligence and its founder, but received no response. Several experts with whom 404 Media spoke called the described practice extremely unethical, and in some cases, the use of this data is probably illegal. As a reminder, only a court can recognize any actions as legal or not.
Spelling error report
The following text will be sent to our editors: