There have been hundreds of data breaches on the last few years and what most of us do not know is where it goes. However, there is hope in learning where stolen information may end up as revealed in this blog.
There are many high profile targets when it comes to data breaches today. The most recent among them are Anthem, Sony, Morgan Stanley and Target. These companies have been victims of theft related to account credentials, financial data, addresses, social security numbers, names and private communications.
The Identity Theft Resource Center in the US has revealed that there were over seven hundred and eighty breaches last year. In fact, nearly seven hundred million records have been reported stolen in the last decade with more than five thousand breaches recorded in the US alone.
Despite the fact that data breaches occur at almost a monthly basis involving a reputable brand, there has never been a proper follow up on where all the stolen information goes. But in recent times, there has been increasing research to gather more evidence on where the stolen data is taken and who uses it.
Stolen information is put up for sale in the segment of the internet referred to as the Dark Web. This underground comprises sites and online stores that are involved in illegal activities including weaponry, narcotics and hacking tools in addition to sale of data. It is accessible via the Tor network and consists of websites that provide free downloads of information that is posted online anonymously.
Data has been tracked using tracking technology comprising a watermark embedded in a file that keeps transmitting a signal every time the document is opened. On transmission, the portal provides data regarding the device type used to open the file as well as the IP address and geographic location. Conversely, duplication of the file does not result in the loss in transmission of the signal. As such, the watermark can be tracked throughout.
In less than a week it was found that the file transmitted its tracking signal from three continents and five different countries and had already been viewed a few hundred times. Within two weeks the file had been viewed in over twenty countries on the five continents of Africa, Europe, Asia, South America and North America.
There was also an indication of heightened activity from viewers in Russia and Nigeria signifying the possibility of syndicates based on the IP address, location and time analysis.
This signifies the speed at which data can be transmitted from one point to another online irrespective of what information can be stolen. High value targets will most certainly have their information disseminated at much higher speeds with more risk involved for the victims.
It can also be concluded that despite all the modern encryption codes used by organizations, security breaches cannot be avoided. Moreover, the issues may be discovered years later and this could result in the circulation of stolen data all over the world. It is essential for business organizations to invest more heavily in cyber security. Data protection protocols and internal controls should be enhanced in order to minimize the risks involved.