BreachExchange mailing list archives

Dark Web Honeypot Shows How Quickly Leaked Passwords Attract Hackers


From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Fri, 19 Feb 2016 08:32:32 -0600

http://news.softpedia.com/news/dark-web-honeypot-shows-how-quickly-leaked-passwords-attract-hackers-500617.shtml

*A simple experiment carried out by cloud security provider Bitglass has
shown how quickly a compromised account that had its password leaked can
attract hackers.*

Bitglass' experiment revolved around a fake identity created for a
fictitious bank employee. Researchers created a fake banking portal, a
dummy Google Drive account, and added booby-trapped files that were
monitored through the Bitglass service.

Once researchers created the fake service, they leaked it on the Dark Web
as phished credentials for a Google Drive account.

Hackers prefer Tor to hide their location, go figure!

Within a day after posting the data online, Bitglass detected three logins
on the Google Drive account, and another five on the fake banking portal.
After two days, hackers had already downloaded files, and within a month,
Bitglass recorded more than 1,400 login attempts from 30 different
countries, with many hackers returning many times over the course of
multiple days.

The hackers also tried to use the leaked credentials for the victim's other
accounts, showing exactly why password reuse is such a dangerous habit to
have.

As you'd imagine, most of the traffic came from Tor IPs. 68% of the hackers
used the service to anonymize their IP address, and the ones that didn't
used a VPN instead.

There were a few "curious" hackers that logged in from real IPs, and most
came from Austria, Holland, the Philippines, Turkey, and the US.

A small number of hackers tried to download sensitive files

The experiment, dubbed Project Cumulus, also showed that once inside the
Google Drive account, some attackers didn't stay idle, and attempted to
download sensitive files.

Bitglass says that 12% of the hackers that managed to log in attempted to
download files, and some even managed to open encrypted documents.

This was the second time that Bitglass carried out this study, after doing
the same thing back in April 2015. The company reviewed the data from that
first experiment and was surprised to find that, although hackers initially
avoided downloading and accessing the data, eight months later over 200
people had accessed those particular booby-trapped files.

The Bitglass Where's Your Data?
<http://pages.bitglass.com/Project_Cumulus_Report.html> report is available
for download. At only six pages, it's a very interesting quick read.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
