Hacks are now commonplace. The attacks experienced by Home Depot, Sony, Target, and Anthem Health — each of which had millions of personal records breached — show just how prevalent the issue is.
While many experts work on reducing the chances of attack and helping victims figure out best practices when their information has been stolen, it’s still unclear exactly how quickly the information spreads.
What actually happens to the information? The Dark Web, which hosts online black marketplaces (like Silk Road) that hawk myriad illegal goods, is known to be the destination for stolen credentials. But who are the people accessing these sites?
Researchers at the cloud security company Bitglass looked into it, and the answers were shocking, according to InformationWeek’s cybersecurity blog Dark Reading.
Bitglass attacked this question by generating its own fake data. These files contained “several thousand very real looking names, social security numbers, credit card numbers, addresses, phone numbers, and more.”
The researchers used a technology called “watermarking” that gave each file a trackable fingerprint so that they could deduce where the files were downloaded and who did it.
The team then put this database on an Excel file and baited hackers. Baiting tactics included phishing as well as depositing the faked goods on numerous black market sites, writes DarkReading.
Then, the Bitglass teamed waited. They didn’t have to wait long.
“The speed at which the bait was taken was staggering,” the Bitglass report wrote.
In only a few days the files the team had constructed had reached five countries, three continents, and was viewed over 200 times.
Less than two weeks after that, over a thousand people had clicked on the goods, and the reach had expanded to five continents and 22 countries.
The most frequent countries accessing the files were Russia, China, and Brazil.
Additionally, the the researchers believe that the files also uncovered what Bitglass calls “cyber crime syndicates” — where cyber thieves collude and share information with each other — one group in Nigeria, another in Russia.
In sum, Bitglass’s work highlighted how quickly criminals all over the globe can access breached financial data.
Couple that with the fact that, on average, it has taken companies 205 days to detect a breach, you can see how alarming these findings truly are.
Business Insider Emails & Alerts
Site highlights each day to your inbox.