I monitor data leaks and credential leaks. Sometimes I discover a data leak before it becomes a news headline. Meanwhile, I found that my blog post was featured in thisweekin4n6, which encouraged me to share something new. Today I am sharing a closer view of the data leak world.
Who Leaks Data
Most of the cyber criminals who leak data are young guys. They simply use Google dorks, Shodan, etc. to find a vulnerable website, database or machine to exploit. Most of the time they try to exploit recently disclosed vulnerabilities with a publicly available POC. That's why many people don't like the early release of exploit POCs:
Call me old-fashioned but I dislike the release of Exploit POC one day after the release of a hotfix— Florian Roth ⚡️ (@cyb3rops) April 13, 2022
Also talking about a vulnerability in past tense that's most likely still present on 90% of the end systems shows some lack of contact with reality pic.twitter.com/0Wmz84tAas
So, to leak data, someone only needs to learn how to search for vulnerable systems and how to exploit them using public exploits. That said, there are many skilled leakers too.
There are many types of criminals who leak data:
1. Financial Motive: Some criminals showcase their leaked data for sale:
Image is blurred for security
Here the criminal posted some valid McAfee credentials for free. This was an advertisement, so that viewers would visit his/her profile and make contact.
3. Other Motives: There are criminals with many other motives too. For example, some people hack systems only because they enjoy it. They are called grey hat hackers.
How Criminals Deal
❝Many data leakers don't have interest in data❞
Yes, this is true. Let me explain. In real life, Mr. X tried to communicate with multiple data leakers who were selling leaked data. Mr. X offered to exchange their data for some more valuable leaked data. But every criminal refused:
Special communications from the whole chat
So, here Mr. X kept telling them that he couldn't buy and could only exchange leak for leak. But they refused, because they have no interest in the leaked data itself.
There are also some groups who leak the criminals' own identities. For example, DoomSec has leaked the identities of multiple APT group members:
There are a massive number of markets where criminals sell their leaked data. One of the top-level markets is Genesis Market:
Screenshot from the Genesis market
❝You can't access the market until a member invites you❞
And a member can't invite someone until the member has spent $20 USD on the market. In this market, members can buy bots that have already compromised some credentials or cookies (these are called logs). To do that, members can search for a victim name (i.e. a website) and check whether there are any credentials for it.
Screenshot from Conti site
They also show the percentage of the data that has been published so far.
Data leaking is a global threat. Credentials are leaked and published daily, but many victims don't even know about the leak. So they don't change their credentials, and criminals can log in to the victims' accounts even after a vacation! Everyone should be aware of data leaks.
Cyber Defence Engineer, CyDefOps
Md. Abdullah Al Mamun