How Your Stolen Data Travels the Dark Web

Ever wonder what happens when your credit card number, Google credentials, and online banking password get stolen?

The film Sneakers* is one of the most underrated hacker movies in modern cinematic history. In many ways, it presaged the now cliché tropes that cybersecurity gurus pull out whenever we have a large data breach or hack. For example, the villain Cosmo — portrayed by the brilliant Ben Kingsley — turns at one point to the film’s main character played by Robert Redford and says, “There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think... it's all about the information!”


That line sounds tired and overused today, but it still captures the essence of our contemporary privacy-challenged culture. It’s all about information. And it begs the question, have you ever wondered what happens to your information, to your data, once it’s stolen? How does it travel the dark, hidden places of the Internet? In its 2016 “Where’s Your Data?” report, Silicon Valley security firm Bitglass tells us.

The Bitglass research team created a “complete digital identity for an employee of a fictitious retail bank, a functional web portal for the bank, and a Google Drive account, complete with seemingly real corporate and personal data. Among the files in the Google Drive were documents containing real credit card numbers, work-product, and more. The team then leaked the employee’s “phished” Google Apps credentials to the Dark Web. What the hackers didn’t know was that each file in the Google Drive was embedded with a watermark and all activities, from logins to downloads, were being tracked by Bitglass, deployed in monitor-only mode.”

And here’s what they found: 

  • Over 1,400 hackers viewed the leaked credentials.
  • One in 10 hackers attempted to use the leaked creds at the bank web portal.
  • There were five attempted bank logins within the first 24 hours.
  • Visitors to the bank site came from over 30 countries across six continents.
  • 68 percent of the attempts on either the Google Drive account or bank account were from Tor-anonymized IP addresses.
  • 12 percent of those hacking the Google Drive account attempted to download files with sensitive content.
  • There were three attempted Google Drive logins within the first 24 hours.
  • 94 percent uncovered and attempted to log into other accounts.
  • That last bullet is particularly interesting. Like many technology users, the fictitious bank employee used the same password across many other web services, like social media. So, once the hackers determined the password worked at the bank login, they then attempted it on other web sites to see if it worked there. In some cases, it did.

    As Bitglass points out, there are some things we can do to prevent this kind of thing from occurring to our data.

  • Avoid using the same password for different services. Implement contextual, multifactor authentication. That is, set up your services to send you a text message with a login code every time you log in. Or use a token. Something other than just a password.
  • Set up alerts for unusual activity. Google gives you this option and I've used it myself. It’s great.
  • In the event your data is leaked, and you’ve been made aware of it, put a fraud alert on your credit accounts immediately. Don’t wait.
  • In the end, it’s all about controlling information. Whether it’s bad guys looking to do bad things, or commercial industry attempting to sell you something, or the government trying to protect you, it’s all about information.

    -----

    *I could write an entire post on this film. Probably my favorite hacker movie of all time. Setec Astronomy anyone? Hehe.

    Got a question for a real NASA astronomer? Ask it here!

    NASA astronomer Michelle Thaller is coming back to Big Think to answer YOUR questions! Here's all you need to know to submit your science-related inquiries.

    Videos

    Big Think's amazing audience has responded so well to our videos from NASA astronomer and Assistant Director for Science Communication Michelle Thaller that we couldn't wait to bring her back for more!

    And this time, she's ready to tackle any questions you're willing to throw at her, like, "How big is the Universe?", "Am I really made of stars?" or, "How long until Elon Musk starts a colony on Mars?"

    All you have to do is submit your questions to the form below, and we'll use them for an upcoming Q+A session with Michelle. You know what to do, Big Thinkers!

    Keep reading Show less

    New study finds strength of imagination not associated with creative ability or achievement

    If you have a strong imagination, this won't help you with academic study.

    Mind & Brain

    Imagination is sometimes claimed to be a uniquely human ability, and it has long intrigued psychologists. "Nevertheless, our understanding of the benefits and risks that individual differences in imagination hold for psychological outcomes is currently limited," note two researchers who have created a new psychometric test – the Imaginative Behaviour Engagement Scale (IBES) – for measuring how much imagination a person has, and then used it to investigate whether, as some earlier work hinted, having a stronger imagination might aid learning and creativity.

    Keep reading Show less

    7 common traits of self-transcended people

    Maslow's highest level on the hierarchy of needs.

    Shutterstock/Big Think
    Personal Growth
    • Self-transcendence is the final and oft forgotten peak of Maslow's pyramid.
    • Before transcending yourself, however, you need to be self-actualized.
    • The foundation of self-transcended people is caring for others and higher ideals.
    Keep reading Show less

    Why are conservatives healthier than liberals? Personal responsibility, study suggests.

    An emphasis on personal responsibility might explain why conservatives tend to be in better physical health than liberals.

    Pixabay
    Personal Growth
    • A growing body of research suggests there's some relationship between our measurable personality traits and our political beliefs.
    • A recent study examined the relationship between political beliefs, personal responsibility and overall health.
    • The results suggest that an emphasis on responsibility might explain health differences between liberals and conservatives.
    Keep reading Show less