Experiment Tracks Stolen Corporate Data on the Dark Web

The last thing any CTO wants to hear is EUwe've been hacked.EU In recent months, Target, JP Morgan, Sony and Anthem have all joined that unfortunate club. For each of those companies, discovering the breach is only the first step in a long, arduous process of rooting out malware infections, fixing security flaws, alerting customers and assessing the damage.

Typically, companies have little to no idea where their stolen data has gone. Bitglass, a cloud access security broker, has decided to shed some light on the fate of corporate files once they have been hacked. The experiment revealed that stolen data travels the globe, landing in five different continents and 22 countries within two weeks.

Major Syndicates in Russia and Nigeria

To conduct the experiment, BitglassEU research team generated 1,568 fake names, Social Security numbers, credit card numbers, addresses and phone numbers that were saved in an Excel spreadsheet. The spreadsheet was then transmitted through a proxy, which automatically watermarked the file. The falsified data was then uploaded to DropBox as well as on seven Dark Web sites believed to be frequented by cybercriminals.

Each time the file was opened, the persistent watermark, which survives copy, paste and other file manipulations, "called home" to record view information such as IP addresses, geographic locations and device types. Finally, the spreadsheet was posted anonymously to cybercrime marketplaces on the Dark Web, a collection of private networks that make connections only between trusted peers.

The experiment offered insight into how stolen records from data breaches are shared, bought and then sold on the black market. According to Bitglass, analyzing times, locations, and IP addresses indicated the likelihood that two major crime syndicates in Nigeria and Russia are engaging in closely related activities.

Data traffic patterns indicated the fake data was shared among members of the syndicates to...

Comments are closed.