Measuring The Speed Of Theft

So how fast does stolen data travel? This is not the set-up for a poorly conceived joke – instead it is the subject of a new experiment created by tech security firm Bitglass.

Bitglass posted some sensitive material – dummied up consumer information (names, addresses, phone numbers, Social Security numbers and credit card numbers of 1,568 fictitious people) on the dark Web to see how long it took criminals to snap up said data.

Answer: not very long.

Within two weeks, the data had been viewed over 1,000 times and downloaded 47 times in 22 countries on five continents. The information was reportedly particularly popular with Russian and Nigerian criminal gangs.

“What we set out to do was to figure out whether there is a liquid market for stolen data,” said Nat Kausik, chief executive of Bitglass, according to The Wall Street Journal. The company uses proprietary watermarking technology that allowed it to track data as it moved across the dark Web. “What we found was there is a pretty active liquid market for stolen data,” he said.

When a stolen file was opened, the watermark – which is designed to be non-removable no matter what is done with the file – pinged back to the company tracking it, allowing Bitglass to track the IP addresses that interacted with the data packages.

“We [had] no idea what to expect, how many people would download and view stolen data,” Kausik said, according to the WSJ. “When you are a resident of the U.S. you don’t think your ID as a person is of value to someone else. It’s a little bit unsettling to find out there is market for it.”

Kausik further noted that the data his firm has found indicates that companies – which have spent two years being breached with charming regularity – need to step up their game in detecting and locking down their systems.

“All this expenditure is aimed at preventing bad guys from getting in. Rather than looking at the stuff that is coming in, look at what is leaving the network and keep a watchful eye on it because once it gets to the dark Web it’s too late,” Kausik said.