What Happens to Stolen, Sensitive Data?

 
 
By Karen A. Frenkel  |  Posted 02-26-2016

An experiment that leaked a fake bank employee’s data to the dark Web shows what happened to the data during its first month out in the open.

  • Immediate Spike in Activity

    When the credentials were leaked, a rush of hackers tested the fake bank employee’s Google Drive credentials in several of the victim’s other accounts. They quickly downloaded files, including those with real credit card information.
  • Torrent of Activity

    Within hours of leaking the credentials, 1,400 visits from 30 countries across six continents were recorded. Here are the demographics: Russia: 35%, U.S.: 16%, China: 4%, Japan: 2%.
  • Logins to Fake Bank

    One-tenth of the hackers who viewed the credentials tried to log into the bank Web portal.
  • Hacked Once, Hacked Everywhere

    The fictitious bank employee used the same password for personal banking accounts and social media sites. Once hackers used leaked credentials to access his Google Drive, most used those same credentials elsewhere.
  • Other Accounts Accessed

    36% of hackers successfully accessed the victim's personal banking account using the leaked password. There were recurring logins, some within hours of one another and others weeks after the initial login.
  • The Numbers

    94% of hackers uncovered and attempted to log into other accounts. Five tried bank logins within the first 24 hours. Three attempted Google Drive logins in the first 24 hours. Within 48 hours, the first file was downloaded.
  • The Power of TOR

    68% of hackers accessed both the Google Drive and the bank portal from TOR-anonymized IP addresses.
  • Hackers More Security Conscious Than Ever

    The high rate of TOR usage indicates that hackers are becoming more security conscious and know to mask their IPs whenever possible to avoid getting caught.
  • Other Occurrences

    Hackers changed the victim's password. They made several attempts to crawl the Google Drive using third-party apps. Some downloaded files did not appear sensitive, including lunch menus.
 

An experiment designed to lure dark Web users to steal fake bank information showed that most hackers accessed other apps, downloaded and cracked encrypted files and attempted to cover their tracks. The goal of the experiment, known as Project Cumulus, was to help organizations understand what happens to sensitive data once it has been stolen. Bitglass, a data protection company, ran the experiment and released findings in its report "Where's Your Data?"

Bitglass researchers created a digital identity for an employee of a fictitious retail bank, a Web portal for the fake bank and a Google Drive account complete with real credit card data. They pretended that the fake employee's Google Drive credentials were stolen via a larger phishing campaign. They leaked those "phished" Google Apps credentials to the dark Web and tracked activity in the fake employee's online accounts. Hackers did not know that Google Drive activities were being monitored for a month and that files were embedded with Bitglass watermarks. Here's what happened next.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 
