Many CIOs have implemented software that dupes employees into clicking on links and attachments that simulate phishing scams, an increasingly common educational tool to warn workers about the dangers of suspicious email messages. Security software maker Bitglass has reversed the shenanigans by leaking faked Google Apps credentials on the Dark Web, a hacker's playground for trafficking in stolen data. Then it tracked the activity, watching the many ways in which hackers wreaked havoc with supposed stolen online identities.
The results, including more than 1,400 visits to the credentials and a corresponding bank website, were startling and serve as yet another wake-up call for organizations, whose employees are perennially the weakest link in enterprise security. It should also tell CIOs that enterprising criminals are easily enticed by corporate information housed in the darkest corners of the Web.
For the experiment, dubbed Project Cumulus, Bitglass forged “Dennis,” a fictitious online persona working for a fake retail bank, along with a functional bank Web portal. It created a Google Drive account loaded with emails, files with credit card information and proprietary work documents, and rounded out the Dennis persona with Facebook and LinkedIn profiles. Then it ceded Dennis’ data to sites on the Dark Web that host stolen information, and advertised it as reaped from a phishing campaign, says Rich Campagna, vice president of products and marketing at Bitglass, whose software monitors the cloud applications that corporate employees access.
Fake persona attracts flurry of hacking activity
Bitglass used its monitoring software to "watermark" or track activity on Dennis’ Google Drive files, including logins and downloads. "We could see everything these users were doing, where they're coming from and who's downloading what," Campagna says.
Within the first 24 hours, Bitglass logged five attempted bank logins and three attempted Google Drive logins. Files containing real credit-card information were downloaded from Dennis’ account within 48 hours of the initial leak. Over a 30-day period, his account was viewed hundreds of times and many hackers used the Drive credentials to access the victim’s other online accounts. Some 12 percent of hackers downloaded the Google Drive files, with several cracking the encrypted files. The hackers hailed from more than 30 countries around the world, including Russia, the U.S. and China.
Bitglass' successful trolling for unsuspecting hackers didn't reap many surprises, given the efficacy with which it made data available on the Dark Web. What stood out to Campagna was that 94 percent of hackers who accessed the Google Drive account uncovered the victim’s other online accounts, and used the data to log into the bank's Web portal — a shockingly high percentage.
Hackers are getting more discreet