SUFFOLK -- Like tens of thousands of others, Virginia Beach resident David Xavier has had his credit card number stolen.
"My financial institution notified me and they said, 'Hey, did you know that you're buying all this stuff in France?!," says Xavier.
According to cyber security experts at Sera Brynn in Suffolk, Xavier's number was probably sold in what some call the underground community of the Internet. It's where the criminals hang out to do all things illegal.
Brynn CIO Darak Dabbs says criminals first download a free Internet privacy tool called TOR. TOR stands for The Onion Router. The word onion is used to represent the many protective layers of TOR that enable a user’s activities to remain anonymous.
He recommends the average consumer stay away from it because it’s filled with Malware that could threaten your computer.
"You can install it, put it on a thumb drive and launch it and then your internet actions will be anonymous. No more tracking, no more cookies, everything 100 percent anonymous," Brynn notes.
That's just the way the criminals like it. 99 percent of what's on TOR is encrypted. They type whatever subject that interests them and a marketplace appears at the their fingertips.
Dabbs says eBay and PayPal accounts are for sale.
"Users of PayPal have their banking accounts linked to it, credit cards linked to it, so a PayPal account can be extremely lucrative," Dabbs notes.
100 credit card numbers are going for $150. Numbers are sold in bulk to street-level crooks who then use the numbers to clone the credit cards.
There is also a website called Rent-A-Hacker. Renting someone to hack a Facebook account is 200 Euros, equivalent to $693 U.S.
Dabbs says many of the people who advertise as hackers are from Eastern Europe and highly educated.
"Very educated in a very low economy, so the age group between 20 and 30 almost everyone has undergrad, virtually a master's degree in technology, but they don't have an economy that will pay them for this skill set, so they turn to the underground," Dabbs states.
The underground is also a popular way to get illegal drugs. One website, the People's Drugstore, sells ecstasy, heroin and cocaine. Dabbs says the sellers know exactly how to package the drugs to hide any suspicious smells.
"You can buy illegal narcotics and they will send it to you either through the U.S. Post Office, FedEx or UPS," says Dabbs.
Stopping the underground is almost impossible for law enforcement. Many of the Web sites stay up for a brief period of time, much of the language is encrypted, many of the criminals are overseas and bit coins are the popular form of payment. Bit coins are digital currency that is hard to trace.
Heather Engel, a certified information systems security professional with Sera Brynn, says it's amazing how often they come across clients and businesses that are unaware of the danger that lurks on the internet and how unsecure their computing systems are.
"A lot of small- to medium-size businesses think that they aren't a target and what we're finding is that that is absolutely not true," she notes.
Even large businesses have struggled. Engel says it's highly likely that many of the stolen credit and debit card numbers from the Target breach are being sold in the underground.
For the individual consumer, Engel recommends never using a debit card for transactions -- only use it at a trusted ATM. If you want to pay with debit cards, Engel says don't tie them to your primary checking account. Instead, link them to account with a much smaller amount of cash.
She also says sitting at your local cafe and using its WiFi to pay bills is a bad idea.