Abine CEO Rob Shavell says hackers "are brokering and selling information about you that you never really consented to have them sell." Shavell talks to TechRepublic's Dan Patterson. The following is an edited transcript of the interview.
Dan Patterson: Rob Shavell, CEO of Abine. A lot of personal data is shockingly available on the Dark Web and on the Clear Net. We almost joke about the amount of data that's leaked when we see big breaches like at Yahoo or Equifax. I wonder if you could help us understand. Take us inside the amount of data, and what types of data are available about consumers easily?
Rob Shavell: You used the key word, which is "easily." A lot of data has, actually, always been available about all of us. Prior to the advent of the Internet, a lot of that data is siloed in hard-to-find places. Here's an example: If you bought a house, that record would often be deposited on paper at your local court house. If you wanted to find out who lived there, what ages the people were, how much they paid for a house, and, then, walk over to actually see the front of the house on the street, all of that would require a whole lot of effort, and most people wouldn't make that effort. These days, all of that information has been pulled into very, very easy-to-find and, in fact, easy-to-purchase dossiers of information available on the public web.
Dan Patterson: When we say, "The public web," often we have conversations about the Dark Web and the encrypted web that takes some expertise or, at least, some understanding of encryption to access. How easy, compared to doing social engineering in the past, or, simply, like you said, walking down to the court house and looking up the records, how easy is it to find information? What are the brokers? Where do I go?
Rob Shavell: One of the principle ways we find anything on the web is Google. It may not surprise you, but it did surprise me to know that the percentage of searches on Google that are for a person, a person's name or their name and address, are actually in the 10% range. In fact, they've grown from about 6% or 7% in 2014 to now around 11% in 2017. That means that literally one out of every 10-times somebody types something into Google, it's to search for somebody else. We're social creatures.
Dan Patterson: Where and how do we defend against this? Google is one place, of course, but how can I find information and lock it down?
Rob Shavell: Right. With all of these queries, billions and billions of searches for people zooming around the Internet every day, let's remember that Google makes it money through advertising. What happens when you put in somebody's name is that the top-bidding advertisers for your name and information related to you instantly show up at the front and center of those queries. Really, whether or not the company in question has a whole lot of information about you or not so much, they still bid to put your information for sale at the top of Google, the front page.
Those companies are what we affectionately refer to as data brokers. They are brokering and selling information about you that you never really consented to have them sell. Names of these data brokers include familiar names like White Pages, which most people are familiar with because they're familiar with the White Pages and the Yellow Pages, and other companies like Spokeo and Intelius and Been Verified, and a whole bunch of other Internet companies that will pay the high price to get somebody to go from a name search on Google to, "Hey, would you like to buy more information about this individual? Would you like their phone number? Would you like their home address? Would you like information about their house value? Would you like to know who their relatives are and how old they are?" Well, for ten bucks, or twenty bucks, or even as little as 95-cents, depending on the configuration and how much information you're looking to buy, they're willing to sell it to you.
Dan Patterson: All right, so that's very reassuring, Rob. I wonder if you could leave us some advice for business. Obviously, business is composed of individuals, and there's quite a bit of information available about CXO's at companies and about the companies themselves. How and why should business be concerned?
Rob Shavell: Yeah. Well, in the past, what often happened is that a pissed-off customer, if they bought a product and didn't like it, somebody bought a Ford car, and it broke down, they'd write a letter. They'd put it in the mail, and they'd send it to the CEO of Ford. These days, what's happening often is angry customers are contacting the homes of senior executives personally, which borders on stalking and things that would scare anybody. What we've seen is senior executives that are often the focus of people's anger. They have come to us at Delete Me and said, "Hey, can you use your Delete Me service to help remove our entire team from coming up so highly in these Google search results and from having all of their information so easily purchasable?"
About 30% of the Fortune 50 companies, the biggest companies, including a lot of the tech companies, ironically, have now signed up for Delete Me for their businesses, just to give their executives a lower profile, so that it's not so easy for people, when they're most angry, to go find their personal addresses and contact them.
- Special report: How to implement AI and machine learning (free PDF) (TechRepublic)
- Ransomware: Why the crooks are ditching bitcoin and where they are going next (ZDNet)
- Ransomware: A cheat sheet for professionals (TechRepublic)
- Fake cryptocurrency scam delivers ransomware - and more malware when you pay up (ZDNet)
- Why SMBs are at high risk for ransomware attacks, and how they can protect themselves (TechRepublic)
Dan Patterson has nothing to disclose. He does not hold investments in the technology companies he covers.
Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.