Data protectionDo you know where your data is?

Published 9 April 2015

Bitglass, a data protection company, undertook an experiment aiming to gain better understanding of what happens to sensitive data once it has been stolen. In the experiment, stolen data traveled the globe, landing in five different continents and twenty-two countries within two weeks. Overall, the data was viewed more than 1,000 times and downloaded forty-seven times; some activity had connections to crime syndicates in Nigeria and Russia. “This experiment demonstrates the liquidity of breached data, underscoring the importance of discovering data breaches early,” said Nat Kausik, Bitglass CEO.

Bitglass, a data protection company, undertook an experiment aiming to gain better understanding ofwhat happens to sensitive data once it has been stolen. In the experiment, stolen data traveled the globe, landing in five different continents and twenty-two countries within two weeks. Overall, the data was viewed more than 1,000 times and downloaded forty-seven times; some activity had connections to crime syndicates in Nigeria and Russia.

Bitglass says that its threat research team programmatically synthesized 1,568 fake names, social security numbers, credit card numbers, addresses, and phone numbers which were saved in an Excel spreadsheet. The spreadsheet was then transmitted through the Bitglass proxy, which automatically watermarked the file. Each time the file is opened, the persistent watermark, which survives copy, paste, and other file manipulations, “calls home” to record view information such as IP address, geographic location, and device type. Finally, the spreadsheet was posted anonymously to cyber-crime marketplaces on the Dark Web.

The experiment offers insight into how stolen records from data breaches are shared, bought and then sold on the black market. During the experiment, crime syndicates in Nigeria and Russia emerged via clusters of closely-related activity. Traffic patterns indicate the fake data was shared among members of the syndicates to vet its validity and subsequently shared elsewhere on the Dark Web, beyond the original drop sites.

In 2014, 783 data breaches were reported, which represents a 27.5 percent spike over the previous year. Data breaches continue to spike in 2015 — as of March 20, 174 breaches, affecting nearly 100 million customer records were reported. While many are suffering from data-breach fatigue, this experiment sheds light on how cybercriminals interact with pilfered data and thus helps enterprises understand why visibility is critical when it comes to limiting the damage of breaches.

The falsified data was placed on DropBox as well as on seven Dark Web sites believed to be frequented by cybercriminals. Bitglass says that the result of the experiment found that within twelve days the data was:

  • Accessed from five continents - North America, Asia, Europe, Africa and South America
  • Accessed from 22 countries - United States, Brazil, Belgium, Nigeria, Hong Kong, Spain, Germany, the United Kingdom, France, Sweden, Finland, the Maldives, New Zealand, Canada, Norway, the Russian Federation, the Netherlands, the Czech Republic, Denmark, Italy, Turkey
  • Accessed most often from Nigeria, Russia and Brazil
  • Viewed 1,081 times, with 47 unique downloads

“Bitglass’ mission is to protect corporate data outside of the firewall — anywhere it goes on the Internet. This experiment demonstrates the liquidity of breached data, underscoring the importance of discovering data breaches early,” said Nat Kausik, CEO, Bitglass. “Our Breach Discovery service helps organizations limit the damage from data breaches.”

— Read the report; watch the video