Bitglass, the Total Data Protection company, undertook an experiment geared towards understanding what happens to sensitive data once it has been stolen. In the experiment, stolen data traveled the globe, landing in five different continents and 22 countries within two weeks. Overall, the data was viewed more than 1,000 times and downloaded 47 times; some activity had connections to crime syndicates in Nigeria and Russia.The Bitglass threat research team programmatically synthesized 1,568 fake names, social security numbers, credit card numbers, addresses and phone numbers that were saved in an Excel spreadsheet. The spreadsheet was then transmitted through the Bitglass proxy, which automatically watermarked the file. Each time the file is opened, the persistent watermark, which survives copy, paste and other file manipulations, “calls home” to record view information such as IP address, geographic location and device type. Finally, the spreadsheet was posted anonymously to cyber-crime marketplaces on the Dark Web.
The experiment offers insight into how stolen records from data breaches are shared, bought and then sold on the black market. During the experiment, crime syndicates in Nigeria and Russia emerged via clusters of closely-related activity. Traffic patterns indicate the fake data was shared among members of the syndicates to vet its validity and subsequently shared elsewhere on the Dark Web, beyond the original drop sites.
In 2014, 783 data breaches were reported, which represents a 27.5 percent spike over the previous year. Data breaches continue to spike in 2015 – as of March 20, 174 breaches, affecting nearly 100 million customer records were reported. While many are suffering from data-breach fatigue, this experiment sheds light on how cybercriminals interact with pilfered data and thus helps enterprises understand why visibility is critical when it comes to limiting the damage of breaches.
The falsified data was placed on DropBox as well as on seven Dark Web sites believed to be frequented by cybercriminals. The result of the experiment found that within 12 days the data was:
- Accessed from five continents - North America, Asia, Europe, Africa and South America
- Accessed from 22 countries - United States, Brazil, Belgium, Nigeria, Hong Kong, Spain, Germany, the United Kingdom, France, Sweden, Finland, the Maldives, New Zealand, Canada, Norway, the Russian Federation, the Netherlands, the Czech Republic, Denmark, Italy, Turkey
- Accessed most often from Nigeria, Russia and Brazil
- Viewed 1,081 times, with 47 unique downloads
“Bitglass’ mission is to protect corporate data outside of the firewall – anywhere it goes on the Internet. This experiment demonstrates the liquidity of breached data, underscoring the importance of discovering data breaches early,” said Nat Kausik, CEO, Bitglass. “Our Breach Discovery service helps organizations limit the damage from data breaches.”
For information about the experiment can be found here:
◀ VIEW THE REPORT
Bitglass (bitglass.com) delivers innovative technologies that transcend the network perimeter to deliver total data protection for the enterprise -- in the cloud, at access, on mobile devices, on the network and anywhere on the Internet. Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution. Bitglass is based in Silicon Valley.