Ever wondered about the nuts and bolts of the attacker’s post-hack routine once your data is stolen? Here’s the hacker’s post-breach checklist of what happens to your stolen data:
1. Inventory the stolen data – Hackers will look through the stolen data files for authentication credentials, personal information like names, addresses and phone numbers, and financial information like credit card details.
2. Sell personal information – Next, the hacker will package up personal information like names, addresses, phone numbers, and email addresses and sell it, typically in bulk. The more recent the data, the more valuable it is. According to Quartz, a full set of someone’s personal information, including identification number, address, birthdate and possibly credit card info, costs between $1 and $450, with a median cost of $21.35.
3. Look for the good stuff – Hackers will then inventory authentication credentials further and look for potentially lucrative accounts. Government and military addresses are very valuable, as are company email addresses and passwords for large corporations. Since people often re-use their passwords, hackers can often use credentials for military or corporate accounts to target other companies. A hacker may plan such a hack personally, or may sell the credentials to others on the dark web for a much higher price.
4. Offload the cards – Financial information like credit card numbers is packaged and sold in bundles. An individual with the right knowledge could easily buy credit card information in groups of ten or a hundred.
Usually a “broker” buys the card information, then sells it to a “carder” who goes through a shell game of purchases to avoid being detected. First, the “carders” use stolen credit cards to buy gift cards to stores or to Amazon.com, then use those cards to buy physical items. The carder may then sell the electronics through legitimate channels like eBay, or through an underground dark web site.
5. Sell in bulk – After several months, the hacker will bundle up authentication credentials and sell them in bulk at a discounted price. By now, most of the credentials are worthless since the company has most likely discovered the breach and taken steps to repair it.
So what can you, the consumer, learn from this?
First, make sure you use a different password for each of your online accounts. That way, even if one is compromised, the rest will be safe.
Second, act quickly if you suspect your personal information has been stolen. If you have an account with a company that reports a breach, change that password immediately. You can check if any of your accounts have been stolen on haveibeenpwned.com, a website run by a Microsoft security researcher that searches data breach info dumps.
You can’t always prevent your data from being stolen by hackers, but by reacting quickly you can minimise the damage.
David Higgins, ANZ Regional Director, WatchGuard Technologies