Data On Tor: Where Privacy Goes To Die

If you aren’t a medium member, you can read with no paywall via substack

As the new year kicked off, we started with a new focus on the dark web which included a look at its history and some of the moments that shaped its usage and reputation. While things like the Silk Road and Alphabay are pretty well known by the general public (even if only at the surface level) the concept of stolen data and ransomware is far less understood. In today’s article we’ll try to break down some of the myths around this and look at how breached or stolen data is used for commercial gain. 

Background

As we’ve mentioned earlier, in a lot of ways the early days of the Internet were a simpler time. While the concept of viruses and worms was pretty well known from the start, things like storing data and using it for things like advertising and onselling really didn’t exist in the same way back then.

 However as the internet grew and became a larger, more central part of our lives this slowly started to change, and with the integration of social media into our daily lives the amount of data held on us as individuals began to grow, and the number of people or companies wanting access to that data began to grow with it. 

As the level of data grew alongside the internet, and our ability to apply computing power increased we also saw new ways to process and examine this collected data which included improvements on how we could analyze and deanonymize this data. Not a great outcome for those who are privacy-focused but convenient for those who don’t care. 

Like anything in life that reaches the mainstream though, it didn’t take the criminal world long to realise that this new playground could be financially lucrative for those who were willing to get involved. 

Why Is Data Breeched? 

Typically when we’re looking at the dark web when we can see breeches that have occurred we usually find they’ve occurred for one of a few reasons. It’s usually because they are:

1. Targeted Breaches that focus on individuals.
2. Mass Breaches that often involve large numbers of data points. 
3. Ransomware attacks where the data may be breached but lost and never released. 

When we break it down a little further we can start to see that each situation has a different motivation, strategy and even execution method. 

Often, financial gain is a significant motivator however there have been state-backed attacks in the past where money hasn’t come into the equation at all. 

Who Breeches Data

This question is a bit trickier to answer but like the types of attacks, the initial answer is that it varies. However, some regular players in the field are pretty easy to pin down 

1. CyberCriminals carrying out activities to bring in revenue.
2. Lone Wolves, for any number of various reasons
3. State-based intelligence agencies and militaries, both Foreign and Domestic.
4. Hacktivist groups, that target various goals and are motivated by an assortment of reasons.
5. Insiders. Sometimes insiders can overlap with lone wolves but there is a distinct difference between the two. 

While you will find other actors involved, typically you’ll find that most circumstances can often fit into these groups, which makes it a bit easier to identify some of the motives behind these attacks. 

Difference Between Attacks

While covering the differences between all attacks is probably outside the scope of a single article, it is worthwhile discussing the differences between the different types of attacks and how this can affect breach data in general. While most cyber attacks might end up interacting with the dark web to some extent, understanding how they do so is important in being able to assess levels of risk. Let’s ask ChatGPT to explain the difference in concept between a ransomware attack and a data breach. 

Input: Explain the difference between ransomware and breach data

Output: Ransomware and breached data are distinct but interconnected concepts within the realm of cybersecurity. Here’s an explanation of the differences between ransomware and breached data:

Ransomware:
1. Definition:
 — Ransomware is a type of malicious software designed to block access to a computer system or files until a sum of money, usually in cryptocurrency, is paid to the attacker.
2. Attack Mechanism:
 — Delivery: Ransomware is typically delivered through phishing emails, malicious attachments, or compromised websites. Once activated, it encrypts files on the victim’s system, rendering them inaccessible.
3. Objective:
 — Financial Gain: The primary motivation behind ransomware attacks is financial. Attackers demand a ransom payment in exchange for providing the victim with a decryption key to regain access to their files.
4. Victim Impact:
 — Immediate Disruption: Ransomware can cause immediate disruption to businesses and individuals by encrypting critical files, leading to data loss or downtime. Payment of the ransom is often presented as the quickest way to recover the files.
5. Notable Examples:
 — WannaCry, Ryuk, REvil: These are examples of ransomware strains that gained notoriety for targeting organizations and individuals worldwide, often demanding significant ransom payments.
Lockbit lock screen. Source: Fortinet.com

Breached Data:
1. Definition:
Breached data refers to sensitive information that has been accessed, stolen, or exposed by unauthorized individuals or cyber criminals.

2. Attack Mechanism:
Various Methods: Breached data can result from various cyberattacks, including hacking, phishing, SQL injection, or exploiting vulnerabilities in software or systems.

3. Objective:
 Varied Motivations: The motivations behind data breaches can vary. Cybercriminals may seek financial gain by selling stolen data, engage in identity theft, or use the information for other malicious purposes.

4. Victim Impact:
 Identity Theft, Fraud: The impact of breached data can extend beyond the immediate incident. Victims may face identity theft, financial fraud, or other forms of exploitation depending on the type of information exposed.

5. Notable Examples:
 Equifax Breach, LinkedIn Data Breach: These are examples of high-profile data breaches where sensitive information, such as personal details, login credentials, or financial data, was compromised.

Connection between Ransomware and Breached Data:
Intersection: In some cases, ransomware attacks may involve the theft of sensitive data before encryption. Cybercriminals may threaten to release the stolen data publicly unless the ransom is paid, creating a dual impact of both a data breach and a ransomware attack.

Data as Leverage: The stolen data can be used as leverage to pressure victims into paying the ransom, especially if the exposed information is sensitive or valuable.

So, while ransomware focuses on encrypting files and demanding payment for their release, breached data refers to the unauthorized access or exposure of sensitive information. However, these concepts can intersect when ransomware attacks involve the theft of data as an additional layer of coercion.

Marketplaces

Once the data has been breached, it holds little in the way of dollar value without the breach being validated and being put up for sale.

Often you'll find that companies are given the chance to buy their data back before it’s leaked, providing a payday for the leaking party and allowing the company to save face during the breach. And while we’re typically told (for good reason) that we shouldn’t trust criminals it may surprise you to know that in a lot of instances, there are actually some ethics there in the cyber realm. 

While it sounds crazy, the concept of a ransomware attack holds no value if there isn’t an incentive to pay. So if the general reputation changes to not getting your data back even if you pay post-attack, then the concept of ransomware as a service would collapse entirely. A net positive for the world but a disaster for a would-be criminal trying to make a living. Still, we shouldn’t feel sorry for them and we most certainly shouldn’t encourage the concept of cybercrime.

However, data breaches choose a different place to go. Usually, they’ll end up on a Dark Web market, and while there’s plenty to choose from few ran as smoothly as Lockbit’s. 

If you’re interested in reading more this post from Fortinet gives great details as well as some interesting stats. It’s fair to say that Ransomware As A Service is far more prevalent than the general public realises. 

Protecting Yourself

While the concept of protecting yourself from these two threats is possible, actually doing so requires two different strategies. However, one thing that does overlap is having a think about what this might look like prior to an incident occurring. 

For Ransomware this could entail things like good antivirus protection and recent backups that allow you to restore your system. It should also entail things like using full disk encryption and having your machine properly configured to minimize your risk. 

For privacy focus, you may choose to look at what information you’d like to protect as well as strategies around information sharing and how you minimise risk when you’re sharing information with others. We’ll look at covering some of these concepts in future pieces to look at some easy steps that can be implemented without going too crazy. 

While it’s true that many will never face the anxiety of having their data potentially breached or lost, having a good idea of what you’ll do if you are put in that position makes it easy to have peace of mind as you browse the web. 

Medium has recently made some algorithm changes to improve the discoverability of articles like this one. These changes are designed to ensure that high-quality content reaches a wider audience, and your engagement plays a crucial role in making that happen.

If you found this article insightful, informative, or entertaining, we kindly encourage you to show your support. Clapping for this article not only lets the author know that their work is appreciated but also helps boost its visibility to others who might benefit from it.

🌟 Enjoyed this article? Support our work and join the community! 🌟

💙 Support me on Ko-fi: Investigator515

📢 Join our OSINT Telegram channel for exclusive updates or

📢 Follow our crypto Telegram for the latest giveaways

🐦 Follow us on Twitter and

🟦 We’re now on Bluesky!

🔗 Articles we think you’ll like:

1. Signals From Space: The International Space Station
2. Ukraine OSINT: Strava Strikes Again

✉️ Want more content like this? Sign up for email updates