Corporate Security

People are selling your stolen data online. Here's what it looks like

The image below shows a typical message from a carrier of stolen financial information looking for a buyer. Using Signal intelligence, we found this on the dark web.

Hackers will go wherever the money is, from NZ to Europe to the US or – as in this case – Australia.

They also recently attacked New Zealand, where equipment and clothing retailer Kathmandu suffered a data breach at the start of 2019. Intruders took customers’ credit card and personal information.

The ASX-listed Kathmandu said the following in a public statement on March 13:

“Kathmandu has recently become aware that between 8 January 2019 and 12 February 2019, an unidentified third party gained unauthorised access to the Kathmandu website platform. During this period, the third party may have captured customer personal information and payment details entered at check-out.”

It was only March 13 Kathmandu that publicly responded to the breach; intelligence software like Signal could have helped spot people trying to sell the stolen data online.

Doug Hunt of Auckland described on social media how on February 15 $2581.72 was taken from his credit card account. A second fraudulent transaction was noticed by the bank and blocked.

Hunt says he found out about the breach only after his bank, ANZ, phoned him.

Hunt told media he was appalled it took Kathmandu a month to respond.

 Who hackers are and how they operate

Taking credit card numbers is one of many ways hackers make money. Another is to get ATMs to spew cash.

  • Jackpotting attacks can empty ATMs in minutes and are performed by prying open a panel to access a USB port on the machine and injecting malicious code, Tech Republic reports. Jackpotting has been a growing security threat in Europe and Mexico.

  • Most ATMs can be hacked in under 20 minutes, according to Zero Day. Typically splicing a black box into the cable between the ATM’s computer and cash dispenser is the way it’s done.

  • Another way is by plugging a flashdrive into one of the ATM's USB or PS/2 ports then running commands on the operating system to cash out money.

  • There’s also malware. North Korean-linked Lazarus Group (aka Hidden Cobra) is believed responsible for malware known as FASTCash which stole $13.5 million from India’s Cosmos Bank between August 10 and August 13, 2018. That group committed thousands of fraudulent ATM transactions across 28 countries and came down to three unauthorized money transfers using the SWIFT international financial network.

 Data breaches can be stopped before they happen

The Ponemon Institute’s 2018 IBM Cost of a Data Breach study reported the average time it takes to identify a data breach is a shocking 196 days.

The time it takes Signal security intelligence to identify a potential breach being arranged on the dark web: minutes. Australian and New Zealand banks, institutions, businesses, hospitals and ASX/NZX-listed companies can all receive early indicators so you can be proactive about security and not caught off guard.

 If you know potential threats, you can set your own search terms

Signal is an extremely user-friendly app and can be utilised by any staff members with minimal training. Simply put in the search terms you feel your institution needs to monitor; Signal’s easy interface then provides alerts when what you’re looking out for appears online.  

  • Signal is designed to recognise conversations in which criminals name your bank or business

  • Every day, Signal observes and captures data around Dark Web users offering to sell stolen material

  • Signal parses through postings and conversations and can spot questionable behaviour which might harm your brand, your interests or even your staff.

 Breaches happen to many different types of online businesses

  • LinkedIn lost 6.5 million encrypted passwords in 2012

  • Ashley Madison had 36 million accounts compromised in 2015. In July that year, a group calling itself The Impact Team threatened to release users' names and personally identifying information if Ashley Madison would not immediately shut down. The group then leaked 25gb of company data, including user details causing huge embarrassment for the thousands of Saudi executives and US military and government employees who had accounts on Ashley Madison. The company which owns Ashley Madison then faced lawsuits, as users who had in the past asked Ashley Madison to delete their accounts found themselves caught up in the leak and sued the company.

  • Dropbox login data for 68 million users has been offered for sale on the dark web. The data set came from a 2012 breach. The trafficker was known in 2016 as TheRealDeal and offered a disturbingly low price: two bitcoins.

Which data is valued most?

Various online computer hacking magazines estimate the value of stolen information like so:

  • Passports are estimated to be worth $2,000

  • Medical records:  $1,000

  • Online payment account credentials typically valued at up to $200

  • Credit or debit card information – usually sold for up to $110

  • Diplomas: $400

 Trend Micro research shows the main types of data stolen are financial and insurance data, which can be twisted to then become a tool for blackmail; healthcare details; payment card information; account logins; and educational information such as transcripts.

We have dozens of examples of top sharelisted companies relying on Signal software to avert risk.


Learn How Signal Can Help Your
Corporate Security, Emergency Management or Public Safety Team...