Following Stolen Data on the Dark Web

The internet is something even the most technologically-averse people interact with daily. This miraculous tool has changed the way we live our lives, how we interact with friends and family and how we conduct business. If the internet were a car, then the data created and shared online would be the gasoline that powers that vehicle.

But sticking with our example above, cars get stolen in the real world AND in the digital space. While a 40-year-old jalopy being stolen might not cause headlines, imagine if an entire brand of popular cars fell into the hands of criminals.

That would be major news!

Yet, each year it seems like record-breaking data breaches result in that level of sensitive data being lost to hackers and sold on the Dark Web. There are many examples of this, but perhaps one of the most egregious in recent history was the breach reported by the credit bureau Equifax. The company has, to date, disclosed that some 145.5 million customers had been affected by a data breach.

That information is easily available from an internet search. But what might not be obvious is what happens to that information after the data has been stolen.

What kind of a journey does that data take between a purportedly secure hard drive, and being sold on the Dark Web?

The Problem with Breaches

Obviously, the biggest problem with having data stolen is that it’s STOLEN, and the fate of that data is uncertain. But the larger issue, as we see it, is the apathy that people seem to have around taking some action afterward. How many times has this phrase been uttered during the conversation about data security:

“My data is already out there, I’m not that interesting, why should I care?”

There are ripple effects that go along with data theft. Depending on what way these ripples go, stolen data could be parlayed into identity theft and major financial crimes.

In the case of Equifax, the company lost full legal names, Social Security numbers, birth dates, and addresses for nearly half of the population of the United States!

One does not need a criminal background to imagine the kind of damage that can be done with that information. Mortgage applications happen entirely online these days, and someone with the right credentials and weak moral fiber wouldn’t hesitate to open a serious line of credit in the name of someone who was a victim of data theft.

The Flow of Stolen Data

So, a hacker (or hackers) obtains a cache of data, now what? A “typical” post-hack checklist might look something like this for the seller:

  • Take inventory of the goods – Parsing through the stolen data will reveal the kind of information obtained. Careful attention will be paid to mine out personal information (names, addresses, phone numbers, email addresses, and social security numbers), financial information (credit card information, loan documents, or bank account information), and login details for banking websites or cloud-based work networks.
  • Personal information is bundled and sold first – Typically, this type of data is valuable only when sold in bulk, and sellers can get better prices depending on how recently the information has been stolen. Rates will vary, but a full set of information including name, birthdate, address or social security information can cost between $1 and $450.
  • Credit cards and financial information – Hackers who have obtained credit card information or other bank account-related data are typically going to move this information immediately after the personal information is sold. For most consumers, changing their credit card information might be the only action they take after a major data breach. For this reason, the success rate on stolen credit card data is very low. In many cases, the hacker will sell bulk credit card information to “brokers”. These brokers will use other vendors to convert active credit cards into gift cards from retailers like Amazon and use those gift cards to buy real products. Finally, the products obtained through Amazon might be sold on self-driven marketplaces like Craigslist or eBay.
  • Credentials are gold – Authentic credentials are the real honeypot for hackers. Stolen data that allows access to more data to steal is highly valuable. Hackers give high priority to government or military-affiliated passwords and email addresses, and those from enterprise corporations. Since most employees tend to use the same passwords or easily cracked passwords, these accounts can be used to launch additional attacks. Credentials tend to fetch the highest price on the Dark Web, which is why cybersecurity experts and IT managers stress the importance of regular password changes and proper password etiquette.

Black markets don’t work that differently from above-ground retail markets. Sellers establish a rate for goods and services and buyers select these products. The difference lies in how the payments are sent and how the products are received.

Handing a cybercriminal a stack of cash isn’t always viable, and the decentralized nature of Dark Web marketplaces provides anonymity that hackers enjoy. Thomas J. Holt, an associate professor of criminal justice at Michigan State University, provided some information to Tech Republic about how sellers are provided with payment:

Due to the nature of the product, sellers make every effort to remain incognito when it comes to receiving payments. The internet has been a big help in this regard. "Sellers accept online payments through various electronic mechanisms, including Web Money, Yandex, and Bitcoin," explains Holt. "Some sellers even accept real-world payments via Western Union and MoneyGram, but they often charge additional fees to cover the costs of using intermediaries to transfer and receive hard currency."

Holt next mentions that payments are made up front, with the release of stolen data taking a few hours to a few days. And, paying up front is why buyers want to know how the underground market rates the seller. If a deal goes wrong, it is doubtful either party will be calling the authorities.

The Value of Constant Monitoring

It’s time to end the “it could never happen to us” mindset. Chances are it has already happened and is potentially risking the reputation of the business and the security of clients.

Want to test that hypothesis?

Head over to https://haveibeenpwned.com, a free resource where anyone can check and see if their data has been put at risk because of a data breach. A quick input of an email address will identify what type of data has been compromised and which event caused the data leak. This service is a sobering reminder that data protection requires constant attention and is not a one-and-done type of activity. Network security requires a multi-tiered approach to keeping data safe within and bad actors out.
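For teams that want to turn that lookup into a routine check, here is an added example (not code from Have I Been Pwned or from this article) that sorts the breaches reported for one address into the credential, financial and personal buckets described above and attaches a response step to each. The sample records are constructed and only mimic the `Name`, `BreachDate` and `DataClasses` fields of a breach record; the category mapping, priority order and suggested actions are assumptions.

```python
import json

# Constructed breach records for one email address; names and dates are invented.
SAMPLE = json.loads("""[
 {"Name": "ExampleShop", "BreachDate": "2017-03-02",
  "DataClasses": ["Email addresses", "Passwords"]},
 {"Name": "ExampleBureau", "BreachDate": "2017-07-29",
  "DataClasses": ["Names", "Social security numbers", "Dates of birth"]},
 {"Name": "ExampleForum", "BreachDate": "2012-05-05",
  "DataClasses": ["Email addresses", "Usernames"]}
]""")

# Assumed mapping from reported data classes to the article's three categories.
# "Email addresses" is left out: the lookup is by email, so it matches everything.
CATEGORIES = {
    "credentials": {"Passwords", "Password hints", "Security questions and answers"},
    "financial": {"Credit cards", "Bank account numbers", "Partial credit card data"},
    "personal": {"Names", "Social security numbers", "Dates of birth",
                 "Physical addresses", "Phone numbers"},
}
# Suggested follow-up per category (assumption, adjust to local policy).
ACTIONS = {
    "credentials": "reset the password wherever it was reused and enable MFA",
    "financial": "replace the card and review recent statements",
    "personal": "place a credit freeze or fraud alert and watch for new accounts",
}
PRIORITY = ["credentials", "financial", "personal"]  # credentials first

def triage(breaches):
    """Group breaches by exposed category and return them highest priority first."""
    hits = {}
    for breach in breaches:
        exposed = set(breach.get("DataClasses", []))
        for category, classes in CATEGORIES.items():
            if exposed & classes:
                hits.setdefault(category, []).append(breach)
    return [{
        "category": category,
        "breaches": sorted(b["Name"] for b in hits[category]),
        # ISO dates compare correctly as strings, so max() is the newest breach.
        "latest": max(b["BreachDate"] for b in hits[category]),
        "action": ACTIONS[category],
    } for category in PRIORITY if category in hits]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f'{row["category"]}: {row["breaches"]} (latest {row["latest"]}) -> {row["action"]}')
```

A breach that exposed only an email address and username, like the third sample record, produces no row, which keeps the report focused on exposures that call for action.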

A comprehensive approach to network security may include firewalls that block unauthorized access to the network, anti-virus and anti-crypto-jacking protection and, of course, staff education!

The first step toward making sure that data doesn’t end up on the Dark Web is a security audit from a team that understands the business, and potential vulnerabilities in the short and long term.

Businesses with 10-100 employees can quickly see their overhead costs spike when it comes to hiring internal IT support resources. Outsourcing some or all of the critical IT support aspects has been proven to save money and increase efficiency.

Not to mention keeping the business’s name out of the headlines for major security breaches!