nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

USA is home to largest number of data perves, study finds

When it comes to sniffing stolen creds on Tor, they gaufre it in Belgium but the UK lags

By Darren Pauli, 13 Apr 2015

The US is home to the largest number of data perverts, according to research.

The research Where's Your Data (pdf) reveals more American Tor dark net lurkers had viewed supposedly 1568 legitimate personal details, and credit card and social security numbers in a spreadsheet than any of the other 22 countries where snoops' connections had been traced.

It was spread through the dark web hidden services and cyberlockers like DropBox in what was dubbed the "world's first A/B test" for carders over the Tor service.

The experiment started with a phishing scam where the spreadsheet was offered on a dark web service for download from a BitGlass' proxy. As the spreadsheet was downloaded it was slapped with a tracking watermark that phoned home over the internet with the would-be scammer's IP address, user names, and device types.

It was then spread to other file sharing sites where it was downloaded and later re-sold by unscrupulous scammers.

"The speed at which the bait was taken was staggering. In the first few days, the data had reached over five countries, three continents and was viewed over 200 times - by 12 days it had received over 1081 clicks, and had spread across the globe to 22 different countries, in five continents," the report reads.

Belgium users, or VPNs based there, clocked the second top origin for connections viewing or purchasing the details that had been posted in order to trace how fast and far the data would travel after a supposed leak.

British users were underwhelmingly boring, coming in eighth spot, while New Zealand punched above its weight beating Russia and Turkey to claim 13th position.

Australia was conspicuously absent, possibly indicating the convict colony is free of convicts.

BitGlass' proprietary tracking mechanism remained when the spreadsheet was copied elsewhere, or "mutilated".

It could limit the impact of the study since it would seem to fail if hackers opened content on offline boxes or had noticed and outsmarted the mechanism. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing