Where Does Stolen Data Go?
The recent indictment of 4 Chinese nationals gives us an opportunity to talk about a topic that touches all the companies that have had the personal or account information they protect stolen: Where does stolen data go?
The script kiddie
Script kiddies are young, unsophisticated malicious actors. They purchase tools or download free ones and are unable to tweak or adapt these tools. Script kiddies are therefore limited in who they can target and the amount of information they steal. They usually go after the low hanging fruits.
Script kiddies are the most common type of malicious actors. They fortunately have little to no clue of how to monetize the information they steal. Their main concern once they eventually steal information is how to monetize it. Dropping in to the private chat messages exchanged by script kiddies, we found that although the script kiddies had hacked thousands of computers, they were only able to rent a motel room and order a large Domino’s pizza with a stolen credit card.
Protecting against script kiddies is possible. With up to date patches and basic security measures (ex. no default passwords), script kiddies are less likely to steal data from your organization.
Script kiddies still represent a significant threat as there are legions of them. Each can leak stolen data and the small size of their leaks makes them more difficult to detect.
The organized crime groups
Organized crime groups target large corporations like Home Depot, Target, Subway and Marriott. These groups have access to skilled hackers and the resources to purchase top of the line software and hardware. They have developed a methodology that enables them to steal millions of personal and financial information in a single operation.
For individuals, having their data stolen by organized crime groups is perhaps the best (of the worst!) scenario. Organized crime groups simply cannot sell or take advantage of the millions of personal and financial information they steal in each campaign. Financial institutions moreover use machine learning tools and methodologies to detect fraud. Their algorithms may miss the first cases of fraud by organized crime groups but they rapidly catch on.
The threat from organized crime groups is most significant for companies. Because of new regulations forcing disclosures of leaks, companies must admit publicly to leaking millions of records. This leads to massive hits to reputation, stock prices and significant costs to investigate the hack.
The boutique organized crime groups
Not all organized crime groups aim to steal massive amounts of data. Some operate at a much smaller level, purchasing sets of data from trusted platforms or stealing smaller sets of data through phishing. These groups maximize their returns and remain under the radar for the most part. They are part of the dark figure of crime and are difficult to detect, track and fight.
Nation state actors
The Equifax hack showcases the last and most intriguing set of actors: nation state actors. Nation states steal personal information for intelligence purposes (ex. to find out where the CIA’s director lives). They also steal information to generate revenues when targeted by embargoes. North Korea was accused of attacking the Bangladesh Bank to fund its regime that had little access to international currencies. In both scenarios, the stolen personal and financial information is unlikely to be sold online fortunately.
The threat of nation state actors comes mainly from the new regulations mentioned above. Companies must once again admit publicly to exposing millions of records, leading to damage to reputation, decline stock prices and significant costs in mitigation and remediation.
What the best solution looks like
Given the diversified threat landscape, what does the best solution to deal with stolen data look like?
First, the best solution should index all the leaked data for sale online. It is important that the solution indexes both large marketplaces fed by organized crime groups and much smaller ones on which boutique organized crime groups and script kiddies are active. Many solutions focus on large marketplaces as that allows for bold claims (ex. 10 million records collected in the last month!) by vendors. In this case however, quality is worth much more than quantity.
Second, the best solution should provide intelligence about what threat actors are discussing. Leaked records are important to understand what information has leaked, but analyzing the content of exchanges also provides valuable information about who is being targeted and how (ex. bypassing security questions, security vulnerability).
Third, the best solution should be proactive and quick in detecting leaks as they happen. Governments are imposing large fines on companies that are late to report data leaks and breaches. The damage to reputation and stock price decline is inevitable, especially if companies are not well prepared to deal with the news of a massive data leak. Solutions should be canaries in the mine that provide companies with the time they need to prepare response to a data leak.
Firework, Flare Systems’ solution to monitor data leaks and digital risk prevention embodies transparency and tells you in real-time what leaked data has been found, collected, from where, and what that data means. In order to prevent damage to reputation, companies need to proactively monitor for stolen data on the web. Connect with us to learn how we can help you prevent unintentional data leaks.