Earlier this week I saw an article by Shannon Williams published in “IT Brief: New Zealand” that quoted some interesting findings about stolen data on the darknets.
To conduct the study, Bitglass created some fictitious lists of login credentials that supposedly came from known data breaches. The researchers posted links to these files on various darknet markets and other sites.
However, Bitglass embedded proprietary “watermarks” in the files, so they could track the following:
- The IP address of any person accessing the files
- Their country
- How many views each darknet post received
- How many times each link was clicked
- The number of times each file was downloaded
The results from a similar study conducted in 2015 were then compared to the data from 2021, which produced some interesting findings.
The number of “views” of the data increased from 1,110 in 2015 to 13,200 in 2021, leading Bitglass to believe that the number of anonymous users on the darknets has increased significantly.
The watermarked files were downloaded by people across 5 different continents, with the highest percentage of IP addresses for the people who downloaded the files coming from the U.S. (34.6%), followed closely by Kenya (32.6%).
As the report states: “Cybercriminals are closer than you think.”
Interest in retail and government data has grown, and the techno-criminals are getting “better at covering their tracks and taking steps to evade law enforcement efforts to prosecute cybercrime.”
The Williams article quotes Mike Schuricht, from the Bitglass Threat Research Group, who said, “We expect that the increasing volume of data breaches as well as more avenues for cybercriminals to monetise exfiltrated data has led to this increased interest and activity surrounding stolen data on the dark web.”
The Bitglass study concludes that “stolen data has a wider reach and moves more quickly” on the darknets – up to 11 times faster in 2021 than in 2015.
Their key takeaway?
“The volume of views and the velocity of the data as it traveled through the Dark Web compared to 6 years ago has made it clear that the usage of the Dark Web has grown. These are likely a confluence of several factors that range from an increasing number of breaches occurring, to more avenues to monetize exfiltrated data. These economics are likely going to embolden hackers and cybercriminals even further to continue their efforts to steal data, which can lead to monetary gain or notoriety.”
Why is this important today?
Many investigators know very little about the darknets (Tor is not the only one) and receive very little training about these networks.
On top of that, law enforcement typically doesn’t have extra resources to allocate to this aspect of techno-crime, either for training or for actual investigations.
This means that the odds increasingly favor the techno-crooks, who become more likely to get away with the crimes facilitated by data stolen in the exploding number of data breaches.
Once again, as I’ve said many times, law enforcement and investigations professionals need a different mindset than “this is the way we’ve always done it” to be successful.
Evolve with us.