Massive data leaks, ransomware attacks or a simple server misconfiguration… billions of files containing personal information circulate on the Internet, and more particularly on the parallel trafficking networks of the dark net.
The revelation at the end of February of the leak - and therefore of the existence - of a medical database of 500,000 French people shed a harsh light on the market for the sale of data of all kinds, which usually takes place in the shadows of cybercriminal forums or on obscure encrypted messaging channels.
It is almost impossible to accurately estimate the commercial potential of all the data exchanged on the platforms of this underground economy.
But between the losses that this generates for victim companies or swindled individuals and, on the other hand, the gains accumulated by criminal organizations, we must now think in billions of euros.
And this trend is set to continue.
More and more stolen data offers
“Last year there was an increase in the volumes of compromised databases for sale on the Dark Web on general marketplaces as well as on specialized forums for this specific purpose,” confirms Europol.
"Data is a precious commodity which opens the door to other profitable types of crime", further recalls the European Criminal Police Agency, whose investigators monitor the activities of organized cybercrime.
It is quite logical that the price of data varies according to several criteria linked to their purpose: to carry out other value-added operations.
You simply have to consider social security numbers, pay slips or account login credentials as raw material for cybercriminals with quasi-industrial methods.
“The value of a piece of data lies in its qualification, what can be learned from it. For example, a database of 100,000 identified e-mail addresses and their passwords is easy to use and therefore easy to sell, while the run-of-the-mill raw data is not sold but offered on forums in the hope of building a personal reputation within the hacker community,” underlines Karine, threat analyst at Avisa Partners and seasoned observer of the Dark Web.
"The freshness of the data counts for a lot in its value, because an account's passwords may have been changed or a bank card reported stolen," adds Ludovic Broyer, the head of iProtego, a start-up specializing in the protection of Internet privacy and reputation.
"The smartest buyers also ask, when negotiating a lot, for a large sample with specific dates so as not to end up with a case of real banknotes whose bottom is only worthless paper," notes the expert.
The virtual shelves of stolen data supermarkets can be found on the five well-known international cybercrime forums, which have 5,000 to 10,000 members and whose names we will not mention.
Everyone comes to do their shopping, or to sell or trade their loot or a find.
Some look more and more like real e-commerce sites.
Platforms on the Dark Web sell quantities of data like emails.
According to the various experts consulted, a “data set” made up of a name, first name, e-mail and password is worth a few cents and is generally sold in packs containing tens of thousands of references.
A file that opens access to several social network accounts costs 1 to 3 euros, if its freshness is guaranteed within two weeks.
A usable bank card number sells for 3.5 to 15 or 20 euros, if it has been stolen in the past week.
“Bank cards are also very often sold in batches because only a small percentage of them will work,” says Thomas Roccia, cybersecurity researcher at McAfee.
Pirated bank cards are sold on the Dark Web.
Although more confidential, medical data is not specifically sought on resale networks.
"But it may attract greater interest soon if a vaccination passport is introduced for travel," anticipates this specialist in the collection of information.
Because the value of a data set then depends on its use.
"A data file bought for 5 euros can enable targeted scams worth several thousand euros," points out Ludovic Broyer of iProtego.
"Special packs for identity theft"
After investing a little, hackers and other cyber crooks can, among other things, recycle emails in phishing campaigns, use passwords to gain access to computer systems in order to deploy ransomware, or usurp a person's identity and their means of payment.
"There are special packs for identity theft with more complex and qualitative data such as passport photos and proof of address, the value of which can reach between 10 and 15 euros per individual, or even 30 to 60 euros if the pack includes the complete profile with PDFs," points out Marie, another analyst from Avisa Partners, who monitors French and Russian forums.
Full digital profile offers are for sale on illegal sites.
These commercial negotiations also sometimes move to the encrypted messaging service Telegram, where "channels" promote data at negotiable prices.
“Payments are settled in cryptocurrencies such as Bitcoin, Monero or more recently the Hedera Hashgraph (HBAR) deemed even more untraceable,” says Timothée Brogniart, European director of SSL247, an SME specializing in cybersecurity audits.
Once the financial transaction has been completed, the protagonists will send the files to each other via transfer services such as Mega, an easy-to-use and almost anonymous platform.
Redistributed, then copied from one storage server to another, this data is out in the wild or in the possession of one or more groups, and will remain so for a very long time, as shown by the posting online in mid-February of a gargantuan database of billions of references.
"There is a permanent cycle of fraud around compiled data which, even when it is no longer fresh, continues to circulate and is recycled," sighs an expert in the field.
Helpless victims
"The real problem is the data which is not published on the Dark Web but which has strategic value for companies and industrial espionage, with billions at stake," says Pierre-Louis Lussan, France director of Netwrix, an American company specializing in access to internal databases, putting things in perspective.
Rarer and more refined, this data is traded over the counter, sometimes with state agencies with almost unlimited funds taking part in the exchange.
Unfortunately, there is little recourse for victims who are mostly unaware of the existence of an illegal copy of their digital life.
“It's impossible to clean data on the Dark Web, there's just no way to do full research on such a perimeter.
The companies that sell this promise are not marketing,” says Ludovic Broyer of iProtego.
On the legal front, it is also hard to assert your rights.
"The nature of the data circulating rarely reveals the source of the leak," admits the specialist lawyer Étienne Drouard of the Hogan Lovells firm.
"But when it does, it becomes possible to turn against the company that was responsible for securing data as sensitive as your health, your political opinions or financial data."
However, one must be able to prove negligence through an expert assessment to hope for compensation.
With the proliferation of hacks involving data theft, particularly at hospitals or mutual societies, class actions, like the procedures initiated with the CNIL, should rapidly grow in number.