The economic lure of leaked data


PETALING JAYA: The lure of a six-figure income, driven by the increased demand for leaked data, has led to a 2,502% increase in the sale of ransomware on the dark web, says a digital security expert.

The dark web, whose contents are not indexed by the biggest search engine in the world, Google, has long been home to illicit trades dealing in such things as weapons and drugs.

But recent reports of the data of some 46 million mobile users in Malaysia being leaked online tell of the growing trade in illegally obtained data.

“The dark web is increasingly being used to buy and sell cyberweapons like ransomware,” says Kane Lightowler, the Asia Pacific and Japan managing director of Carbon Black, an endpoint security company.

Ransomware is often defined as a type of malicious software which threatens to publish a victim’s data unless a ransom is paid.

In an interview with FMT, Lightowler said Carbon Black’s research found that between 2016 and 2017 there had been a 2,502% increase in the sale of ransomware on the dark web, largely due to a surge in supply and demand for ransomware.

He said cybercriminals were increasingly seeing opportunities to enter the stolen data trade and make a quick buck through the sale of ransomware.

“Dark web economies are empowering even the most novice criminals to launch ransomware attacks through do-it-yourself (DIY) kits and providing successful ransomware authors with annual incomes into six figures.

“Some sellers are making more than US$100,000 per year simply selling ransomware,” said Lightowler, adding that this figure dwarfed the annual US$69,000 salary a legitimate software developer could earn.

He said notable technological innovations that had also contributed to the proliferation and success of the dark web were the emergence of Bitcoin for payments and the Tor browser, which masks a web user’s identity and, by extension, illicit activities.

“Bitcoin allows money to be transferred in a way that makes it nearly impossible for law enforcement to ‘follow the money’. Bank transfers and credit card transactions traditionally aid in the quick takedown of scams. Bitcoin means there’s no bank to identify the account holder.”

He added that cybercriminals – some of them “lone wolves” and others, state-sponsored – often had significant resources at their disposal.

State-sponsored actors, in particular, usually have dedicated teams to carry out attacks, with many people focused on stealing information that can be used for financial gain or espionage.

The leaked data, he said, included mobile phone numbers, identity card numbers, addresses, and SIM card data, and could be used to create fraudulent identities to make online purchases.

“This leak could be used for everything from phone cloning to more nefarious activities. The bottom line is, attackers will continue to go where the money is,” he said.

Lightowler said that research done by Carbon Black earlier this year found that cybercriminals were primarily going after consumer data and corporate intellectual property, followed by attacks to disrupt a company’s services.

Earlier this month, it was reported that data from over 46 million mobile numbers from Malaysia had been leaked online.

The data, from Malaysian telcos and mobile virtual network operators, included postpaid and prepaid numbers, customer details, addresses as well as SIM card information.