Investigation: World of Data Leak

Introduction


I monitor data leaks and credential leaks. Sometimes I discover a data leak before it becomes a news headline. Meanwhile, I found that my blog post was featured in thisweekin4n6, which encouraged me to share something new. Today I am sharing a closer view of the data leak world.



Who Leaks Data


Most of the cyber criminals who leak data are young. They simply use Google dorks, Shodan and similar tools to find a vulnerable website, database or machine to exploit. Most of the time they go after freshly disclosed vulnerabilities (often loosely called zero-days, although once a public PoC exists they are really n-days) using publicly available proof-of-concept exploits. That is why many people dislike the early release of exploit PoCs:



So, to leak data, someone only needs to learn how to search for vulnerable systems and exploit them with public exploits. That said, there are many skilled leakers too.



Criminal Motives


There are many types of criminals who leak data, with different motives:

1. Financial Motive: Some criminals showcase their leaked data for sale:

Image is blurred for privacy


2. Advertisement: Some criminals leak data so that people will contact them to make a deal. For example, here is a criminal's post on the dark web:

Image is blurred for security


Here the criminal posted some valid McAfee credentials for free. This was advertising: the aim was that viewers would visit the poster's profile and make contact.


3. Other Motives: There are criminals with many other motives too. For example, some people hack systems only because they enjoy it. They are often called grey hat hackers, although strictly the term describes someone who breaks into systems without authorization but without malicious intent.



How Criminals Deal


Many data leakers have no interest in the data itself


Yes, this is true. Let me explain. In real life, Mr. X tried to communicate with multiple data leakers who were selling leaked data. Mr. X offered to exchange their data for some more valuable leaked data, but every criminal refused:

Special communications from the whole chat


So here Mr. X kept telling them that he couldn't buy and could only exchange leak for leak, but they refused, because they have no interest in the leaked data itself.



Positive Leakers


There are some groups who leak criminals' identities. For example, DoomSec has leaked the identities of multiple APT group members:

Screenshot from DoomSec


Such documents are genuinely useful for cybersecurity professionals and threat hunters, though attribution claims published this way should be corroborated with independent evidence before anyone acts on them.



Leak Markets


There are a massive number of markets where criminals sell their leaked data. One of the top-tier markets is Genesis Market:

Screenshot from the Genesis market


You can't access the market until a member invites you.

And a member can't invite anyone until they have spent $20 USD on the market. In this market, members buy "bots": victim machines infected with an infostealer, sold together with the credentials, session cookies and browser fingerprint harvested from them (these bundles are called logs). Members search for a victim name (for example, a website) and check whether the market holds any credentials or cookies for it. Because a bot includes the victim's cookies and fingerprint, the buyer can often take over a logged-in session without ever knowing the password. (Genesis Market's domains were seized by law enforcement in April 2023, but other markets sell the same kind of infostealer logs.)
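The defensive counterpart to the cookie trade above is to stop a replayed session cookie from working on the buyer's machine. The following is an added example written for this post, not code from the original article or from any market or vendor; it models a hypothetical server-side session store (names, the 12-hour lifetime and the /24 and /48 network binding are all assumptions) that ties each bearer cookie to the client that obtained it and revokes the session on the first mismatch.

```python
import hashlib
import ipaddress
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Added example, not code from the original post. Hypothetical session store
# that binds a bearer session cookie to the issuing client's User-Agent and
# network, so a cookie lifted from an infostealer log and replayed from the
# buyer's machine is rejected and the session is killed.

MAX_SESSION_AGE = 12 * 3600  # seconds (assumption); stolen cookies go stale sooner


@dataclass
class Session:
    user: str
    ua_hash: str      # hash of the User-Agent the session was issued to
    network: str      # /24 (IPv4) or /48 (IPv6) the session was issued to
    issued_at: float
    revoked: bool = False


def _ua_hash(user_agent: str) -> str:
    return hashlib.sha256(user_agent.encode("utf-8")).hexdigest()[:16]


def _network(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def issue(self, user: str, user_agent: str, ip: str,
              now: Optional[float] = None) -> str:
        """Create a session after a successful login; returns the cookie value."""
        token = secrets.token_urlsafe(32)
        issued = now if now is not None else time.time()
        self._sessions[token] = Session(user, _ua_hash(user_agent), _network(ip), issued)
        return token

    def validate(self, token: str, user_agent: str, ip: str,
                 now: Optional[float] = None) -> Tuple[str, str]:
        """Return ('ok', '') or ('reject', reason). Any mismatch revokes the
        session, forcing a fresh login that a cookie thief cannot complete."""
        now = now if now is not None else time.time()
        s = self._sessions.get(token)
        if s is None or s.revoked:
            return ("reject", "unknown_or_revoked")
        if now - s.issued_at > MAX_SESSION_AGE:
            s.revoked = True
            return ("reject", "expired")
        anomalies = []
        if _ua_hash(user_agent) != s.ua_hash:
            anomalies.append("user_agent_changed")
        if _network(ip) != s.network:
            anomalies.append("network_changed")
        if anomalies:
            s.revoked = True
            return ("reject", "+".join(anomalies))
        return ("ok", "")


if __name__ == "__main__":
    # Constructed scenario: the victim logs in, then a buyer replays the cookie
    # with the victim's exported User-Agent but from a different network.
    store = SessionStore()
    victim_ua = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
    cookie = store.issue("victim@example.com", victim_ua, "203.0.113.10")
    print(store.validate(cookie, victim_ua, "203.0.113.44"))  # ('ok', '')
    print(store.validate(cookie, victim_ua, "198.51.100.7"))  # ('reject', 'network_changed')
    print(store.validate(cookie, victim_ua, "203.0.113.10"))  # ('reject', 'unknown_or_revoked')
```

Because these logs ship with the victim's browser fingerprint and User-Agent, the User-Agent check alone is easily defeated; the network binding, the short lifetime and re-authentication before sensitive actions are what actually limit the value of a bought cookie.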



Ransomware Leakers


There are many dark web ransomware leak sites where ransomware groups publish their victims' data. For example, Conti publishes its victims' data:

Screenshot from Conti site


They also show what percentage of the victim's data has been published so far.



Summary


Data leaking is a global threat. Credentials are leaked and published daily, but many victims don't even know about the leak, so they never change their credentials, and the stolen credentials stay valid for weeks or months, letting criminals log in to victims' accounts long after the original compromise. Everyone should be aware of data leaks.
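One practical way to learn that a credential has leaked before a criminal uses it is to check passwords against a breach corpus without ever sending the password anywhere. The following is an added example, not code from the original post: it implements the k-anonymity "range" check pattern, where the client sends only the first 5 hex characters of SHA-1(password), gets back every known suffix under that prefix, and finishes the comparison locally. FakeRangeServer and its breach counts are constructed stand-ins so the example runs offline; a real deployment would point fetch at a breach-corpus range API.

```python
import hashlib
from typing import Callable, Dict, List, Tuple

# Added example, not code from the original post. k-anonymity password-leak
# check: only a 5-character hash prefix leaves the client; the full hash and
# the password never do. FakeRangeServer is a CONSTRUCTED stand-in for a
# breach-corpus range API so that this runs offline (assumption).


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the form this style of range API indexes on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class FakeRangeServer:
    """Constructed stand-in for a breach-corpus range API (assumption)."""

    def __init__(self, leaked_counts: Dict[str, int]) -> None:
        self._buckets: Dict[str, Dict[str, int]] = {}
        for pw, n in leaked_counts.items():
            h = sha1_hex(pw)
            self._buckets.setdefault(h[:5], {})[h[5:]] = n
        self.queries: List[str] = []  # what the client actually sent

    def fetch(self, prefix: str) -> str:
        self.queries.append(prefix)
        rows = self._buckets.get(prefix.upper(), {})
        lines = [f"{suffix}:{count}" for suffix, count in rows.items()]
        # padding row so an unknown prefix still returns a non-empty bucket
        lines.append("0" * 34 + "F:1")
        return "\r\n".join(lines)


def parse_range(text: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines (CRLF or LF) into a suffix -> count map."""
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch: Callable[[str], str]) -> int:
    """How many times the password appears in the corpus; 0 if never."""
    h = sha1_hex(password)
    prefix, suffix = h[:5], h[5:]
    return parse_range(fetch(prefix)).get(suffix, 0)


def is_acceptable(password: str, fetch: Callable[[str], str],
                  min_len: int = 12) -> Tuple[bool, str]:
    """Policy check for a new or rotated password (min_len is an assumption)."""
    if len(password) < min_len:
        return (False, "too_short")
    if breach_count(password, fetch) > 0:
        return (False, "seen_in_breach")
    return (True, "")


if __name__ == "__main__":
    # Constructed corpus and counts, not real breach data.
    server = FakeRangeServer({"Password123456": 3730471, "Summer2023!": 7})
    print(breach_count("Password123456", server.fetch))           # 3730471
    print(is_acceptable("Password123456", server.fetch))           # (False, 'seen_in_breach')
    print(is_acceptable("Summer2023!", server.fetch))              # (False, 'too_short')
    print(is_acceptable("correct horse battery staple", server.fetch))  # (True, '')
    print(server.queries)  # only 5-character prefixes ever left the client
```

Running this at password set time, and periodically against stored hashes of accounts that have not rotated, is how an organisation finds out about a leaked credential before someone logs in with it.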



Md. Abdullah Al Mamun

Cyber Defence Engineer, CyDefOps