The image below shows a typical message from a carrier of stolen financial information looking for a buyer.
Using Signal open source intelligence software, we found this on the dark web.
Hackers will go wherever the money is, from NZ to Europe to the US or – as in this case – Australia.
They also recently attacked New Zealand, where equipment and clothing retailer Kathmandu suffered a data breach at the start of 2019. Intruders took customers’ credit card and personal information.
The ASX-listed Kathmandu said the following in a public statement on March 13:
“Kathmandu has recently become aware that between 8 January 2019 and 12 February 2019, an unidentified third party gained unauthorised access to the Kathmandu website platform. During this period, the third party may have captured customer personal information and payment details entered at check-out.”
It was only March 13th that Kathmandu publicly responded to the breach; intelligence software like Signal could have helped spot people trying to sell the stolen data online.
Doug Hunt of Auckland described on social media how on February 15 $2581.72 was taken from his credit card account. A second fraudulent transaction was noticed by the bank and blocked.
Hunt says he found out about the breach only after his bank, ANZ, phoned him.
Hunt told media he was appalled it took Kathmandu a month to respond.
Who hackers are and how they operate
Taking credit card numbers is one of many ways hackers make money. Another is to get ATMs to spew cash.
Jackpotting attacks can empty ATMs in minutes and are performed by prying open a panel to access a USB port on the machine and injecting malicious code, Tech Republic reports. Jackpotting has been a growing security threat in Europe and Mexico.
Most ATMs can be hacked in under 20 minutes, according to Zero Day. Typically splicing a black box into the cable between the ATM’s computer and cash dispenser is the way it’s done.
Another way is by plugging a flashdrive into one of the ATM's USB or PS/2 ports then running commands on the operating system to cash out money.
There’s also malware. North Korean-linked Lazarus Group (aka Hidden Cobra) is believed responsible for malware known as FASTCash which stole $13.5 million from India’s Cosmos Bank between August 10 and August 13, 2018. That group committed thousands of fraudulent ATM transactions across 28 countries and came down to three unauthorized money transfers using the SWIFT international financial network.
Data breaches can be stopped before they happen
The Ponemon Institute’s 2018 IBM Cost of a Data Breach study reported the average time it takes to identify a data breach is a shocking 196 days.
The time it takes Signal security intelligence to identify a potential breach being arranged on the dark web: minutes. Australian and New Zealand banks, institutions, businesses, hospitals and ASX/NZX-listed companies can all receive early indicators so you can be proactive about security and not caught off guard.
If you know potential threats, you can set your own search terms
Signal is an extremely user-friendly app and can be utilised by any staff members with minimal training. Simply put in the search terms you feel your institution needs to monitor; Signal’s easy interface then provides alerts when what you’re looking out for appears online.
Signal is designed to recognise conversations in which criminals name your bank or business
Every day, Signal observes and captures data around Dark Web users offering to sell stolen material
Signal parses through postings and conversations and can spot questionable behaviour which might harm your brand, your interests or even your staff.
Breaches happen to many different types of online businesses
LinkedIn lost 6.5 million encrypted passwords in 2012;
Ashley Madison had 36 million accounts compromised in 2015. In July that year, a group calling itself ‘The Impact Team’ threatened to release users' names and personally identifying information if Ashley Madison would not immediately shut down. The group then leaked 25gb of company data, including user details causing huge embarrassment for the thousands of Saudi executives and US military and government employees who had accounts on Ashley Madison. The company which owns Ashley Madison then faced lawsuits, as users who had in the past asked Ashley Madison to delete their accounts found themselves caught up in the leak and sued the company.
Dropbox login data for 68 million users has been offered for sale on the dark web. The data set came from a 2012 breach. The trafficker was known in 2016 as TheRealDeal and offered a disturbingly low price: two bitcoins.
Which data is valued most?
Various online computer hacking magazines estimate the value of stolen information like so:
Passports are estimated to be worth $2,000
Medical records: $1,000
Online payment account credentials typically valued at up to $200
Credit or debit card information – usually sold for up to $110
Diplomas: $400
Trend Micro research shows the main types of data stolen are financial and insurance data, which can be twisted to then become a tool for blackmail; healthcare details; payment card information; account logins; and educational information such as transcripts.
However, even supposedly valueless data such as a username and password login to a seemingly unimportant website offers value to cybercriminals through the credential stuffing tactic. This is when cybercriminals use user logins against multiple different login forms due to the fact that many people use the same password for multiple websites.
We have dozens of examples of top share listed companies relying on Signal software to avert risk.