Dark web downloads
After wrapping up Project Cumulus, the latest in the Bitglass Where's Your Data series, we looked back at the results and developments from our first Where's Your Data test, conducted early in 2015. In the original experiment, we leaked spreadsheets with fake names, credit card numbers, Social Security numbers, addresses, and other personal information to both the surface web and the Dark Web. These spreadsheets were embedded with Bitglass watermark technology that would regularly call back to our researchers. We got hundreds of hits globally, including many from crime syndicates in Nigeria and Russia.
As the chart above reveals, downloads and new callbacks were few and far between in the eight months following the leak. We didn't expect the long quiet period to end, but in October 2015, we observed a spike in downloads of these old files.
The download patterns on the Dark Web were different from the patterns on the surface web. Unlike the surface web, there were few Dark Web downloads in the initial days following the leak, but the files later resurfaced. Downloads months later on the Dark Web far outpaced downloads on the surface web. All Dark Web hackers accessed the files from Tor-anonymized IP addresses.
Lost or stolen files can always resurface once leaked, which is why data-centric security is critical. While a file from a managed device can easily be moved or sent to an unmanaged device on an unsecured network, a file that has DLP applied to limit exposure of sensitive data through encryption or DRM can be incredibly valuable, particularly when customer information is involved.
In Project Cumulus, our latest experiment, we went a step further and leaked user credentials to the Dark Web to find out what information hackers are most interested in accessing and how quickly that data spreads.