If an identity thief manages to steal a tax preparer’s client data, where does it go? An IRS investigator gives us a chilling roadmap for stolen data’s journey—from closely guarded identification to illegal commodity.

James Daniels is an IRS special agent in the agency’s Criminal Investigations (CI) cybercrimes division. He was the featured speaker in a recent IRS webinar on computer security held as part of National Tax Security Awareness Week.

Daniels says private information stolen from taxpayers or tax preparers frequently winds up in a dark corner of the Internet termed the Dark Web. The best analogy, he says, is to think of the Internet as a deep ocean. At the top is the Surface Web, inhabited by the websites that can be seen without restriction. On the On the Surface Web, no one needs a username or password to see content. Corporate websites, government agency public information sites and other freely available websites all are in the Surface Web.

Diving Deeper

The next layer, termed the Deep Web, is made up of websites that do require usernames and passwords to access. Daniels estimates roughly 95 percent of the total content on the Internet is in the Deep Web. Here you find banking, health care, tax, and other sites all guarded by security measures.

Within the Deep Web is an area that ensures the highest degree of anonymity to its visitors: the Dark Web. Originally created by the U.S government, the Dark Web was designed to transmit military information securely via the Internet. The military eventually opened the Dark Web to other users, Daniels says, to keep tabs on them.

Everything within the Dark Web is encrypted; in fact, to access anything within this cyberspace requires special software. The main key to get in is a free plug-in for the Mozilla Firefox browser called TOR, which stands for The Onion Router.

“The name comes from how TOR encrypts your Internet traffic, which is like the layers of an onion,” Daniels says. “If you’re using TOR with a Firefox browser, all the information is sent to a series of three network servers and is encrypted by each server in turn. The aim is to obscure your IP address, keeping you anonymous.”  

Shopping for Cyber-Crooks

Once client tax information is stolen, it’s usually sent to the Dark Web, where it’s sold to eager identity thieves looking to use the identities to file bogus income tax returns and get thousands of dollars in fraudulent refunds.

The thieves market looks and operates just like legitimate shopping site on the Surface Web—except the offerings include illegal drugs, weapons, stolen identities and more.

“The most sought-after stolen identities are called ‘fulz,’” Daniels says. “That means the stolen files include the full name, SSN, address and bank account numbers. Fulz can go for as much as $40 each.” Social Security numbers without the other supporting data, if bought in bulk, could go for $1 each—or even less, depending on the number of SSNs bought.

And Daniels reminds that the holiday season is a busy time for cybercriminals. “It’s shopping season for identity thieves too,” he says.

Payment for stolen data is always in cryptocurrency: Bitcoin, Ethereum, Litecoin, and Ripple, to name a few. And like the Dark Web, cryptocurrency is designed to preserve anonymity.

Not All Bad

So does anyone use the Dark Web other than criminals? Absolutely, said Daniels. Some countries prohibit their citizens from talking or communicating freely with people outside the country. In other cases, whistleblowers need to pass along alerts of misdeeds away from the prying eyes of others. And intelligence agencies also use the Dark Web as a conduit for reports from dangerous locations.

All these examples—and others—need a secure way to transmit information without giving away their locations or identities. The Dark Web allows them to do that.

Come in from the Dark

How can you protect yourself from being a victim of cybercrime and identity theft? Daniels says every tax professional should use a firewall and other security protection and make sure it’s always on. Use longer, stronger passwords; passphrases are better than passwords. Learn to spot suspicious emails that may be phishing attempts and don’t click on any link in any email sent by an unknown source.

“The most common way to steal data is to ask for it,” Daniels says.

Remember to avoid “open” public Wi-Fi networks. Such unsecured networks allow outsiders to see the traffic the network carries and offer no protection from hackers or identity thieves.

“Treat your data like you would cash,” Daniels says. “You wouldn’t just leave cash sitting out on a table in a public place like a coffee shop. Don’t do basically the same thing with your data.”