Diving into the Dark Web: Where does your stolen data go? By Charlie Osborne for Zero Day | April 8, 2015

Aug 11, 2015

When a data breach occurs and personal information is stolen, where does it end up? Bitglass researchers decided to find out.

Target, Morgan Stanley, Sony, Anthem -- the list of today's major data breaches goes on. In the last few years alone, high-profile attacks have been launched against these companies and countless others, resulting in the theft of private communication, names, Social Security numbers, addresses, financial data and account credentials.

According to a report released by the Identity Theft Resource Center (ITRC), in the United States alone in 2014, 783 data breaches were discovered. Since 2005, 5,029 data breaches have been reported in the US, with an estimated 675 million records stolen.

Hardly a month goes by without another well-known brand discovering a breach, and yet, where stolen data goes is relatively unexplored. However, security researchers from Bitglass decided to remedy the lack.

The Dark Web is one place where stolen information is offered for sale. Accessible through the Tor network, the underground comprises of stores and websites entrenched in illegal activities ranging from the sale of data to hacking tools to drugs and weaponry. However, websites hosted on the network also offer free downloads of data, which is posted anonymously.

The security team decided to track data offered up in the Dark Web. After creating an excel spreadsheet of 1,568 fake employee credentials, the team placed the file on anonymous file-sharing websites in the Dark Web, as well as Dropbox. The data was then tracked through Bitglass' tracking technology, which embedded the file with an invisible watermark that "pings" the Bitglass portal whenever the document is opened. After being pinged, the portal displays information including geographic location, IP address and device type.

The company says that even if the watermarked document is copied and pasted elsewhere or corrupted, the watermark persists and remains trackable.

Bitglass found that within only a few days, the fake credentials had been downloaded in over five countries, three continents and was viewed over 200 times. By day 12, the file had received over 1,080 clicks and had spread to 22 countries on five continents.

"By the end of the experiment the fake document of employee data had made its way to North America, South America, Asia, Europe, and Africa. Countries frequently associated with cyber criminal activity, including Russia, China and Brazil, were the most common access points for the identity data.

"Additionally, time, location, and IP address analysis uncovered a high rate of activity amongst two groups of similar viewers, indicating the possibility of two cyber crime syndicates, one operating within Nigeria and the other in Russia," the team's report states.

While this is a small experiment, it does highlight how quickly data can spread online. A small set of fake staff credentials is one thing, but files related to well-known brands -- such as Target or Morgan Stanley -- are another matter altogether, and more likely to be downloaded and potentially exploited.

Security breaches are unavoidable. It can take months or even years for the enterprise to discover a security problem. By this point, stolen information may have already traveled worldwide. When so many data breaches are preventable, companies need to start investing more heavily not only in cybersecurity as a whole, but also begin tightening internal controls and data protection protocols to mitigate the risk of becoming a new victim in 2015.

Jul 27.15 | Target, PCI Auditor Trustwave Sued By Banks Trustwave apparently certified the retailer as PCI compliant -- but can PCI assessors be held liable for data breaches? by Mathew Schwartz Infoweek

read more

Jun 04.15 | AT&T Admits Failure In Mobile Payments By pymnts @pymnts

read more

May 04.15 | Three Survive Eight Days Under Earthquake Rubble In Nepal, As Death Toll Rises: By Gopal Sharma: Reuters

read more

Apr 27.15 | Nepal earthquake donations: Who's sending what By Alanna Petroff and Ben Rooney @CNNMoney

read more

Apr 27.15 | Nepal scrambles to organise earthquake relief, death toll rises to 4000 - Source: Reuters @ibnlive

read more

Apr 20.15 | How Much Does Penetration Testing (Pen Test) Cost? by: Gary Glover, Director of Security Assessments at SecurityMetrics

read more

Jan 08.15 | Moonpig app pulled after expert exposes 'half-arsed' security measures: 6 January 2015 - 12:44pm | posted by John McCarthy

read more

Dec 11.14 | New payment-card-security-standard-wont-stop-data-breaches by Howard Solomon @itworldca

read more