A cloud access security broker, Bitglass, tried to answer the paraphrased question, How far does stolen data go in the deep web after a breach? Bitglass went on the Deep Web and planted spreadsheets with 1568 fake employee credentials, including things such as their names, social security numbers, and other information. This data looked like the real thing and would not work when the credentials would be used.
The data took 12 days for data to be clicked more than 1081 times in 22 countries. This is huge when compared with the data given about a year back by Mandiant Consulting, owned by Fire Eye. This was that most normal breaches take 205 days to be found.
How they tracked the data is the most important part and to me the most interest. Bitglass put a watermark on a spreadsheet and then put this in an open Dropbox folder and other site such as Onion-pastebin. The key part is that you can’t see the watermark and every time the document is opened, it will call home and tell you the IP address it was opened at. This will not work for those that turn off the internet before opening the file, thus none of the statistics take this into account.
Overall, this shows the importance of security and how powerful the ability to share information over the internet is.
- Bitglass Website – http://www.bitglass.com/company/about
- PC Advisor – http://www.pcadvisor.co.uk/news/security/3607414/watermarks-used-to-track-data-through-dark-web-to-russia-nigeria/
- CSO – http://www.csoonline.com/article/2908500/data-protection/watermarks-used-to-track-data-through-dark-web-to-russia-nigeria.html
- Security Affairs – http://securityaffairs.co/wordpress/35902/cyber-crime/propagation-data-deep-web.html