The dark web is the murky underworld of the Internet where hundreds of online communities illegally trade a wide variety of commodities, from stolen user data to drugs and weapons. Over the past few years, given the alarming escalation of data breaches, dark web marketplaces are reportedly flooded with stolen user credentials being traded for a quick buck. But what happens to your data after it has been stolen by hackers and put up on the dark web?
IBTimes UK spoke to Andrei Barysevich, director of advanced collection at Recorded Future, a cybersecurity firm that uses AI (artificial intelligence) to mine the dark web for malicious activities. Barysevich said that the "dark web historically has been the main congregation point for hackers and online fraudsters, providing access to the largest targeted audience safely."
According to the firm, the dark web is home to both high-profile cybercrime syndicates and low-level "script kiddies". Some "exclusive" dark web communities require prospective members to cough up a fee, which could range from a few to thousands of dollars, and even require current members to vouch for a new entry.
What happens to stolen data on the dark web?
Stolen credentials are generally listed on the dark web to be sold so hackers can make a quick buck. Barysevich said that different kinds of user credentials have different value to cybercriminals. For instance, banking credentials are considered the most valuable. "Such credentials provide the biggest financial return to criminals and are often monetized by hackers directly through unauthorized financial transactions," Barysevich told IBTimes UK.
He added, "The second (and most common) type is e-commerce and email credentials, which are obtained through brute-forcing attacks using readily available tools and previously leaked databases.
"Employee credentials to various corporate networks are the rarest commodity on the underground and often sold to vetted and established buyers, fetching anywhere from a couple of hundred to thousands of dollars."
Barysevich said that stolen data is likely "resold in bulk" via "automated marketplaces". On average, raw "email: password databases" are sold for $50 per one million credentials. However, retail accounts are generally sold for only a couple of dollars per record.
How are user credentials valuable to cybercriminals?
Cybercriminals are known to use stolen credentials to launch cybercrime campaigns as well as perpetrate crimes such as identity theft and scams. However, user data has other uses and can allow hackers entry into corporations.
"Stolen credentials could be utilized as a staging point to infiltrate almost any online service that utilizes email and password as a login combination. Access to stolen emails is often used to launch large-scale spam campaigns, advertising shady goods and services or distributing malicious files," Barysevich said.
Alarmingly, stolen user data can also remain valuable long after users have reset passwords.
Barysevich said, "Unfortunately, oftentimes compromised data represents a significant threat long after users update their passwords on a compromised resource or system." He added that the much belaboured yet common practice of password reuse means that "a single breach immediately offers hackers undeterred access to dozens of unrelated companies."
He said, "Data stolen during high-profile breaches, such as the latest Yahoo compromise, is rarely immediately available for sale on the dark web. Despite publicly acknowledging the penetration of company networks by unknown hackers and requesting users to update their login passwords, stolen records were rumored to be available only to a handful of privileged criminals at a hefty price tag of several hundreds of thousands of dollars."
Data tracking and recovery on the dark web is very challenging
Despite the volume of stolen user data available on the dark web, tracking its flow and recovering it can be "very challenging", according to Barysevich. He said that although recovering stolen data may be imperative to companies, it can pose a "moral and legal dilemma".
"On one hand, a company has a responsibility to retrieve a customer's records before they fall into the wrong hands and uncontrolled dissemination across the criminal underground begins," Barysevich said. "On the other hand, purchase of data is inevitably incentivising criminals to continue their nefarious affairs and in many cases could pose a significant legal concern."
However, experts at Recorded Future believe that dark web threat research can help companies not just track and recover stolen data but also understand the inner workings of underground cybercrime communities and potentially predict and prevent cyberattacks.