A recent experiment by Bitglass, a security firm, shows just how quickly stolen data proliferates through the cyber underground. The company fabricated 1,568 unique names, credit card and Social Security numbers, addresses and phone numbers, and loaded them into a watermarked spreadsheet that checked in with a Bitglass server every time the file was opened. Each check-in logged the opener's approximate location, derived from the source IP address, and the type of device used to open the file. Bitglass then posted the file to seven different shady sites known to be used by criminals for trading stolen data.
Within just 12 days the file had been downloaded from those sites 47 times and opened a thousand times in 22 countries spanning five continents. The countries with the most activity were Russia, China and Nigeria. The first two should come as little surprise: both are home to many cyber crime syndicates, private and seemingly state-sponsored. But Nigeria? Perhaps the princes aren't getting as much money from spam campaigns and have moved on to wheeling and dealing on the cyber underground. Har har.
What Bitglass is doing is exactly what we need in the security community: the better we understand the cyber underground, the better we can protect against future attacks. In a past life, I got paid to monitor a honeynet and search for our client's data. What is a honeynet? It is a network of decoy systems deliberately exposed so that attackers will compromise them, letting the people running it watch what the attackers do and what they bring with them. Attackers often use a compromised computer as a waypoint, stashing data stolen from other infected machines on it before moving the data on, which is why other people's stolen records turn up there. Bitglass doesn't know exactly how its file moved from place to place, but the groups involved may well have relayed it through compromised machines to mask its movements, which makes it hard to trace. The company did notice that groups in Nigeria and Russia may have been sharing or selling the data to one another directly, and may even have been trying to test the validity of the names, addresses and numbers before any money changed hands.
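To make the mechanics concrete, here is an added example of my own (not Bitglass's tooling, which the article does not describe) covering the two halves of such an experiment: generating decoy records that pass the surface checks a buyer would run, such as the card-number validity test mentioned above, and turning the spreadsheet's check-ins into the per-country and per-device tallies reported for the real experiment. Everything specific in it is assumed: the `/beacon/<token>` URL, the Apache combined log format, the HMAC-derived per-copy tokens, the `SECRET` key, the prefix table standing in for a GeoIP database, and the log lines, which are constructed.

```python
"""Decoy-data beacon experiment: synthetic records plus check-in analysis.
Added example, not Bitglass's code. Assumed (not from the article): each copy
of the spreadsheet embeds a beacon URL /beacon/<token>, the web server keeps
Apache combined-format access logs, and a prefix table stands in for GeoIP."""
import hashlib
import hmac
import random
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed stand-in for a GeoIP lookup: address prefix -> country code.
GEO_PREFIXES = {"185.45.": "RU", "119.28.": "CN", "197.210.": "NG", "203.0.113.": "US"}

# Apache "combined" format; the beacon path carries the per-copy token.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET /beacon/(?P<token>[0-9a-f]+)'
    r'[^ "]* HTTP/1\.[01]" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def luhn_check_digit(partial: str) -> str:
    """Digit that makes partial+digit pass the Luhn check, as real card numbers do."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled once the check digit is appended
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    """The first 'validity test' a buyer runs on a card dump."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(number) if c.isdigit()):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def make_decoy_records(n: int, seed: int = 1) -> List[Dict[str, str]]:
    # Synthetic PII that passes surface checks but belongs to nobody: Luhn-valid
    # card numbers, and SSNs with area numbers 900-999, which the SSA never issues.
    rng = random.Random(seed)  # seeded so a run is reproducible
    first = ["Alice", "Brian", "Carmen", "Dmitri", "Esther", "Farid"]
    last = ["Okafor", "Nguyen", "Svensson", "Patel", "Moreau", "Chen"]
    records = []
    for _ in range(n):
        body = "4" + "".join(rng.choice("0123456789") for _ in range(14))
        records.append({"name": f"{rng.choice(first)} {rng.choice(last)}",
                        "card": body + luhn_check_digit(body),
                        "ssn": f"9{rng.randint(0, 99):02d}-{rng.randint(1, 99):02d}-{rng.randint(1, 9999):04d}"})
    return records

def beacon_token(copy_id: int, secret: str) -> str:
    """HMAC-derived per-copy token: a scanner cannot mint one, so bogus hits are dropped."""
    return hmac.new(secret.encode(), str(copy_id).encode(), hashlib.sha256).hexdigest()[:16]

@dataclass
class Hit:
    copy_id: int
    ip: str
    country: str
    device: str
    when: datetime

def geolocate(ip: str) -> str:
    return next((cc for prefix, cc in GEO_PREFIXES.items() if ip.startswith(prefix)), "??")

def classify_device(ua: str) -> str:
    # Android is tested before Linux because Android UA strings also contain "Linux".
    for needle, label in (("Android", "Android"), ("iPhone", "iOS"), ("iPad", "iOS"),
                          ("Windows", "Windows"), ("Macintosh", "macOS"), ("Linux", "Linux")):
        if needle in ua:
            return label
    return "unknown"

def parse_hit(line: str, copies: Dict[str, int]) -> Optional[Hit]:
    """One access-log line -> Hit, or None for non-beacon traffic and unknown tokens."""
    m = LOG_RE.match(line)
    if not m or m["token"] not in copies:
        return None
    return Hit(copies[m["token"]], m["ip"], geolocate(m["ip"]), classify_device(m["ua"]),
               datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))

SECRET = "rotate-me-before-use"  # assumed server-side key for token derivation
COPIES = {beacon_token(i, SECRET): i for i in range(1, 8)}  # one copy per seeded site

# Constructed access-log lines; the last one is a scanner probing with a forged token.
SAMPLE_LOG = f"""\
185.45.10.7 - - [17/Apr/2015:10:12:01 +0000] "GET /beacon/{beacon_token(3, SECRET)}?v=1 HTTP/1.1" 200 43 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) Excel/15.0"
119.28.4.9 - - [17/Apr/2015:11:40:22 +0000] "GET /beacon/{beacon_token(3, SECRET)} HTTP/1.1" 200 43 "-" "Mozilla/5.0 (Linux; Android 4.4.2) Chrome/40.0"
197.210.55.1 - - [18/Apr/2015:02:03:44 +0000] "GET /beacon/{beacon_token(5, SECRET)} HTTP/1.1" 200 43 "-" "Mozilla/5.0 (Windows NT 6.3) Excel/14.0"
203.0.113.9 - - [18/Apr/2015:02:05:00 +0000] "GET /beacon/deadbeefdeadbeef HTTP/1.1" 404 0 "-" "masscan/1.0"
"""

def analyze(log_text: str = SAMPLE_LOG) -> Dict[str, Counter]:
    """Tally valid check-ins by country, device and copy, the way the article reports them."""
    hits = [h for h in (parse_hit(line, COPIES) for line in log_text.splitlines()) if h]
    return {"country": Counter(h.country for h in hits), "device": Counter(h.device for h in hits),
            "copy": Counter(h.copy_id for h in hits)}
```

Two design points worth noting. The per-copy token is derived with an HMAC rather than being a plain counter, so the random scanners that hit any public web server cannot inflate the numbers with made-up tokens (the fourth log line is dropped for exactly that reason). And the decoy records are built to survive the cheap checks a buyer applies before paying, while using an SSN range that is never issued, so nobody real is harmed if the file circulates.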
Are you worried about your personal data? You should be. If one email account is the login and password-reset address for your bank, your health portal and everything else you use, you are only one hacked account away from ruin: whoever controls that mailbox can reset the rest. If you have a Gmail address and would like to know what it is worth to an attacker, head on over to the University of Illinois at Chicago's Cloudsweeper site. The following screenshot shows how much UIC's tool thinks my Gmail account is worth to attackers:
Have you ever been compromised (hacked)? Or are you in the hopeful "I don't think it can happen to me" camp? Tell us why in the comments below!