BitGlass is a security vendor and they were responsible for the experiment. Their goal was to get a true look from an insider’s perspective after cybercriminals hack personal information from the organisations that have been breached. BitGlass generated all of the bogus/phoney information and placed them on Excel spreadsheets that were ‘watermarked’ with a code that tracked anyone that had access without them being aware. The watermark sent a notification when the file was opened or downloaded and included the IP address, geographic location and type of device involved.
Placing them on seven well known black market sites as well as a DropBox file, BitGlass observed access to the files as they were downloaded by forty seven different parties covering North America, Europe, South America, Asia and Africa. The highest percentage of users access them from Russia, Nigeria and Brazil, with the biggest number of individuals from Russia and Nigeria.
Nat Kausik, BitGlass CEO stated, “Our goal was to see how liquid the market is for breached data.We were curious to see what happens to it after a breach…..People do cross-examine it and download it, looking for breached data.” Kausik also noted that there was a significant amount of traffic from overseas university networks, probably due to Wi-Fi availability.
The information was not listed as being ‘for sale’ and there was also not contact associated with it. It was simply left out in the areas where it could be found. One of the fake credit card numbers was used in an attempt to purchase and it didn’t take long for the user to realize the number was fake. There was no way for anyone to make any contact or express interest for additional access.
Kausik indicated that the biggest lesson from the experiment was to demonstrate how easy it is to sell stolen information. He said, “There is a well-established online marketplace” for it.
“Personal as well as proprietary data is a gold mine for cybercriminals. DaVinci CyberSecurity incorporates consistent security protocols with all of our client education programs, assisting everyone to understand the importance of diligence when it comes to keeping information safe. As this experiment showed, once breached, the information can travel and be used in simply a matter of hours. The mission is to help companies and individuals keep their information from ever reaching the dark net.” – Sharon Knowles, CEO of Da Vinci CyberSecurity
Da Vinci CyberSecurity offers a service where we monitor the Dark Web where many of your company’s most valuable assets are at risk to criminal activities carried out on the Dark Web – and you don’t even know it. Turning a blind eye to this will impact your:
- Brand and reputation
- Customer loyalty
- Intellectual Property
- Legal defenses
- IT baselines
- Cybersecurity strategy
- And much more!
Da Vinci CyberSecurity removes this blind spot in your cyber threat intelligence program by providing you with personalised cyber risk intelligence from Dark Web and other related sources.
http://www.darkreading.com/attacks-breaches/what-happens-when-personal-information-hits-the-dark-web/d/d-id/1319801 Image : Article Cats