How Your Stolen Data Travels the Dark Web

Ever wonder what happens when your credit card number, Google credentials, and online banking password get stolen?

The film Sneakers* is one of the most underrated hacker movies in modern cinematic history. In many ways, it presaged the now cliché tropes that cybersecurity gurus pull out whenever we have a large data breach or hack. For example, the villain Cosmo — portrayed by the brilliant Ben Kingsley — turns at one point to the film’s main character played by Robert Redford and says, “There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think... it's all about the information!”


That line sounds tired and overused today, but it still captures the essence of our contemporary privacy-challenged culture. It’s all about information. And it begs the question, have you ever wondered what happens to your information, to your data, once it’s stolen? How does it travel the dark, hidden places of the Internet? In its 2016 “Where’s Your Data?” report, Silicon Valley security firm Bitglass tells us.

The Bitglass research team created a “complete digital identity for an employee of a fictitious retail bank, a functional web portal for the bank, and a Google Drive account, complete with seemingly real corporate and personal data. Among the files in the Google Drive were documents containing real credit card numbers, work-product, and more. The team then leaked the employee’s “phished” Google Apps credentials to the Dark Web. What the hackers didn’t know was that each file in the Google Drive was embedded with a watermark and all activities, from logins to downloads, were being tracked by Bitglass, deployed in monitor-only mode.”

And here’s what they found: 

  • Over 1,400 hackers viewed the leaked credentials.
  • One in 10 hackers attempted to use the leaked creds at the bank web portal.
  • There were five attempted bank logins within the first 24 hours.
  • Visitors to the bank site came from over 30 countries across six continents.
  • 68 percent of the attempts on either the Google Drive account or bank account were from Tor-anonymized IP addresses.
  • 12 percent of those hacking the Google Drive account attempted to download files with sensitive content.
  • There were three attempted Google Drive logins within the first 24 hours.
  • 94 percent uncovered and attempted to log into other accounts.
  • That last bullet is particularly interesting. Like many technology users, the fictitious bank employee used the same password across many other web services, like social media. So, once the hackers determined the password worked at the bank login, they then attempted it on other web sites to see if it worked there. In some cases, it did.

    As Bitglass points out, there are some things we can do to prevent this kind of thing from occurring to our data.

  • Avoid using the same password for different services. Implement contextual, multifactor authentication. That is, set up your services to send you a text message with a login code every time you log in. Or use a token. Something other than just a password.
  • Set up alerts for unusual activity. Google gives you this option and I've used it myself. It’s great.
  • In the event your data is leaked, and you’ve been made aware of it, put a fraud alert on your credit accounts immediately. Don’t wait.
  • In the end, it’s all about controlling information. Whether it’s bad guys looking to do bad things, or commercial industry attempting to sell you something, or the government trying to protect you, it’s all about information.

    -----

    *I could write an entire post on this film. Probably my favorite hacker movie of all time. Setec Astronomy anyone? Hehe.

    LinkedIn meets Tinder in this mindful networking app

    Swipe right to make the connections that could change your career.

    Getty Images
    Sponsored
    Swipe right. Match. Meet over coffee or set up a call.

    No, we aren't talking about Tinder. Introducing Shapr, a free app that helps people with synergistic professional goals and skill sets easily meet and collaborate.

    Keep reading Show less

    4 reasons Martin Luther King, Jr. fought for universal basic income

    In his final years, Martin Luther King, Jr. become increasingly focused on the problem of poverty in America.

    (Photo by J. Wilds/Keystone/Getty Images)
    Politics & Current Affairs
    • Despite being widely known for his leadership role in the American civil rights movement, Martin Luther King, Jr. also played a central role in organizing the Poor People's Campaign of 1968.
    • The campaign was one of the first to demand a guaranteed income for all poor families in America.
    • Today, the idea of a universal basic income is increasingly popular, and King's arguments in support of the policy still make a good case some 50 years later.
    Keep reading Show less

    Dead – yes, dead – tardigrade found beneath Antarctica

    A completely unexpected discovery beneath the ice.

    (Goldstein Lab/Wkikpedia/Tigerspaws/Big Think)
    Surprising Science
    • Scientists find remains of a tardigrade and crustaceans in a deep, frozen Antarctic lake.
    • The creatures' origin is unknown, and further study is ongoing.
    • Biology speaks up about Antarctica's history.
    Keep reading Show less

    Why I wear my life on my skin

    For Damien Echols, tattoos are part of his existential armor.

    Videos
    • In prison Damien Echols was known by his number SK931, not his name, and had his hair sheared off. Stripped of his identity, the only thing he had left was his skin.
    • This is why he began tattooing things that are meaningful to him — to carry a "suit of armor" made up the images of the people and objects that have significance to him, from his friends to talismans.
    • Echols believes that all places are imbued with divinity: "If you interact with New York City as if there's an intelligence behind... then it will behave towards you the same way."
    Keep reading Show less