A new study documents how data travels and how quickly hackers share information around the globe.
Ever wondered where your data goes after it’s stolen? Here’s the startling information one company uncovered.
Imagine how rapidly you can connect to a website in India from the comfort of your own home. Have you ever wondered how fast your hacked data can travel? The answer is, “faster than you think.”
Data moves in the blink of an eye. Bitglass 1, a company focused on protecting data once it leaves its home network, recently designed an experiment to find out exactly how fast information could slingshot around the globe.
First, Bitglass researchers synthesized an Excel spreadsheet, creating over 1,550 ‘individuals’ by assigning them a compilation of Social Security numbers (SSN), credit card numbers, addresses and phone numbers. The document was watermarked when transmitted via the Bitglass proxy service. The document was then uploaded to Dropbox and seven different Dark Web addresses, which are popular with hackers. Email phishing tactics were used to entice hackers to take the bait.
Within days, the data had already reached multiple countries. In just two weeks, the document was viewed in 22 different countries on 5 continents more than 1,080 times and downloaded a total of 47 times. Each time the file was opened, the watermark technology would ‘call home’ providing information such as geographic location and IP address. Some of the connections were traced to crime groups operating in Nigeria and Russia.
“This experiment demonstrates the liquidity of breached data, underscoring the importance of discovering data breaches early,” said Nat Kausik, CEO of Bitglass.
Liquid is perhaps the perfect word to describe hacked data. It flows quickly. The click of a mouse is all it takes to send your info to places you don’t want it to go.
If your SSN is offered for sale on a dark site, you won’t get notified by one of those free ID monitoring services that some companies offer after a data breach. They only monitor a single credit bureau and they don’t scan the dark web. Only a comprehensive monitoring service like ID Watchdog searches non-credit sites where your data could be for sale and helps you recover if fraud occurs.