Dark Web Experiment Shows How Hackers Use Stolen Credentials

A Dark Web experiment shows just how dangerous stolen email credentials can be. With a stolen Gmail username and password combo, hackers showed that they could access bank accounts and more.

In Bitglass’ second annual Where’s Your Data experiment, researchers created a digital identity for an employee of a fictitious bank, a functional web portal for the bank and a Google Drive account. The team then leaked “phished” Google Apps credentials to the Dark Web and tracked activity across the fictitious employee’s online accounts.

Hackers on the Dark Web gained access to the employee’s Google Drive account and, with a little more digging, reached the employee’s bank account by reusing the same stolen login credentials.

During the month-long experiment, more than 1,400 visits were recorded to the Dark Web credentials and the fictitious bank’s web portal; there were five attempted bank logins and three attempted Google Drive logins within the first 24 hours; and the first file was downloaded within 48 hours of leaking the credentials.

Overall, almost all (94%) of hackers who accessed the Google Drive uncovered the victim’s other online accounts and attempted to log into the bank web portal. About 12% of hackers who successfully accessed the Google Drive attempted to download files with sensitive content. And several cracked encrypted files after download.

And, showing the popularity of the onion network, 68% of all logins came from Tor-anonymized IP addresses, suggesting that hackers are becoming more security conscious, and are realizing that they need to mask IPs when possible to avoid getting caught.

What a difference a year makes. Last year, the Bitglass team leaked watermarked documents onto the Dark Web. The files were viewed 200 times in the first few days, but the frequency of downloads quickly decreased. In the prior experiment, few downloads used any form of anonymization via Tor, which made them easy to track.

"Our second data-tracking experiment reveals the dangers of reusing passwords and shows just how quickly phished credentials can spread, exposing sensitive corporate and personal data," said Nat Kausik, CEO, Bitglass. "Organizations need a comprehensive solution that provides a more secure means of authenticating users and enables IT to quickly identify breaches and control access to sensitive data."

In case you were wondering where the denizens of the Dark Web reside, Bitglass found that the hackers came from more than 30 countries across six continents. Among the non-Tor visits to the bank web portal, Russia accounted for 34.85%, followed by the US at 15.67%, China at 3.5% and Japan at 2%.
