When you imagine personal data stolen on the internet, like your address, phone number, internet history, or even passwords, you probably think of hackers passing it to identity thieves. Maybe you think of cops getting their hands on it in less-than-legal ways, or maybe an insurance company spying on its customers. But apparently anyone can buy this data, from a U.S. company, for as little as $50.
That company is Farnsworth Intelligence, an âopen-source intelâ startup from 23-year-old founder Aidan Raney. And itâs not being coy about what itâs doing. The companyâs primary consumer-level product is called âInfostealers,â and itâs hosted at Infostealers.info. (Yup, what a URL.) According to an exposĂ© from 404 Media, a simple purchase starting at fifty bucks can get you access to a searchable database of personal data from people all over the United States and the world.
And this isnât just the usual stuff you could find on the various âpeople pagesâ sites, the somewhat scummy descendants of the Yellow Pages. No, this is information apparently sourced directly from data breaches, stolen from companies and services in ways that just about every country considers a crime. Thereâs a full suite of data available for perusing, up to and including the auto-fill addresses you stick into your browser so you donât have to type them into every new store.
Farnsaworth Intelligenceâs primary public-facing info search tool is called âInfostealers.info.â
Farnsworth Intelligence
But it goes even deeper. Farnsworth Intelligenceâs more powerful Infostealer Data Platform product will serve up private data that includes usernames and passwords. Yes, again, the actual product is called âInfostealer.â This feature isnât available to just anyoneâŠbut it is available to anyone who can provide a compelling reason. The list of apparently legitimate use cases Farnsworth accepts includes âprivate investigations, intelligence, journalism, law enforcement, cyber security, compliance, IP/brand protection.â
Thereâs no mention of a warrant necessary to access this stolen information.
Farnsworthâs public-facing sight seems almost gleefully eager to declare its ability to collect information via less-than-legitimate means. âWe are renown [sic] for our human intelligence capabilities, having successfully infiltrated a North Korean laptop farm through social engineering techniques and succesfully [sic] extracting intelligence that saved companies millions of dollars,â declares a promo blurb. Farnsworth says this information can be used for âcorporate due diligence,â âenhanced background checks,â and âadvanced asset searches.â Exactly how Farnsworth procures its trillions of data points is not disclosed.
Itâs easy enough to find stolen personal info, since hardly a week goes by without a database of millions of users making its way onto the dark web. And there are legitimate reasons for people to find and catalog those databases, like security companies alerting their customers when their passwords have been leaked. But brazenly selling stolen information on the open market, especially when there are so many companies, governments, and other state-level actors that can use it to do harm, seems incredibly callous.
And itâs worth pointing out that evidence obtained illegally is generally inadmissible in a criminal prosecution. But that wouldnât stop, say, an abusive ex from tracking down their victimâs most recent address. There are plenty of other ways for illegally obtained information to be used to hurt people. Iâm sure I donât have to draw you a picture of why groups of vulnerable people who are already targeted wouldnât want it to be searchable by private investigators or government agents, with nothing more than a credit card.
Iâm a technology journalist. I donât have the authority to declare behavior like this legal or illegal, and my employerâs lawyers would probably tackle me if I tried. But as a human being, I can point out that collecting private, stolen information, then selling it to anyone without a thought for what further damage it might cause, is the epitome of sociopathic greed. âIt would be illegal and unethical to sell stolen cell phones even if you didnât steal them yourself, and I donât see how this is any different,â said Cooper Quintin of the Electronic Frontier Foundation.
404 Media requested comment from both Farnsworth Intelligence and its founder, and received no response. I highly recommend reading 404 Mediaâs original report for the full scope of the situation.
