Security "Bits"

Project Cumulus: Hackers' Unusual Activity

By Salim Hafid | February 29, 2016 at 9:00 AM


Some hackers care only about accessing valuable data. Others' motivations are not so clear. With Bitglass technology deployed in monitor-only mode, we leaked a fictitious user's Google Drive account credentials and tracked all resulting activity in our recent data experiment, Project Cumulus, and observed some curious actions.

Over the course of a month, we recorded a handful of recurring logins, likely hackers curious to see if the password had been changed or if any new files of value had been added to the Drive. Some recurring logins occurred hours after the initial login; others returned to the Google Drive weeks later.

Of those who successfully accessed the Google Drive, many didn't have a clear plan of action. Some downloaded files at random, including lunch menus that the fictitious employee had left in a personal folder, while others mass-downloaded everything in the Drive. An enterprising few used Google APIs to crawl the Drive account for interesting data.

Notably, some hackers logged in and then immediately logged out of the Drive, perhaps realizing that they had stepped into illegal territory. Others logged in and opted not to download or view any files, content simply to see file names.

One set of files we didn't expect to see much traffic? Our fake bank's cafeteria lunch menus. I guess even criminals are curious about what's for lunch. 

Over the course of a month, hundreds of hackers across 30 countries viewed the fictitious employee's credentials and accessed not only the Google Drive account but also a number of other sites on which the same password was used. Check out the full report for details.
