Cyber-demic’s Dark Side
Brian Stack
Vice President of Engineering & Dark Web Intelligence at Experian Consumer Services
April 2021
A monthly digest on dark web activity which is heavily influenced by the impact of COVID-19, remote working, nation state activity, seasonal scams, major data breaches, as well as general ID theft protection, data trends, tips and recommendations.
---------------------------------------------------------------------------------------------------------------
Boom of Bitcoin Scams Coming in 2021
According to cyber analysts, during the first quarter of 2021, the scam gangs have made more than $18 million in crypto-related fraud…This amount exceeds the $16 million dollars that they obtained during all of 2020…The number of victims in 2020 totaled about 10,500 people...So far this year, there are already 5,600 victims (and counting)…The largest fraud victim was a German fellow who lost $560,000 in a Bitcoin scam from a fake Elon Musk account…A cryptocurrency database collection was leaked on February 15th…And a threat actor on a popular English-speaking dark web hacking forum shared a massive collection of cryptocurrency-related leaked databases…Collectively, they contain well over 60 million records and can serve as a trove for cryptocurrency user account exploitation.
Facebook Data Leaked
Hey, no target is too big or small…It was reported that more than 500 million Facebook users’ personal data has been leaked and the breach even included data from Facebook CEO Mark Zuckerberg...A threat actor published the data of users onto a publicly available cybercrime forum…Some experts are saying this data is just a repackaging of data from a 2019 Facebook breach…What happened back then was a vulnerability was exploited that enabled view of the phone number linked to every Facebook account, creating a database containing the info of 533M users globally…Since this data leak is rich with phone numbers stay on the lookout for smishing (text) or vishing attempts (phone calls).
Are Random Passwords Really More Secure?
Password cracking speeds have changed a lot in 20 years, let’s take the example of the “security1” password…In 2000 it took 3 years to crack vs. the same password in 2016, which took less than 3 months…In 2021 that will now just take a matter of a few days or weeks…b8Y#o2rt is technically a decent password…No person will be able to guess it, it’s not on any short-list of common passwords, and computers will take a reasonable amount of time to crack it…But the issue is this password is hard for a human to remember and hackers have plenty of time and computing power to spend time cracking a few million of these passwords...Now take a look at this beauty: ilovefishingandflyinghorses…The secret sauce is that it’s 27 characters, all lowercase, no numbers, no random characters & something that does not exist…Yet this password will take a computer thousands of years to crack…Remember this technique next time you need to create one…Make one that’s hard for computers to crack and easy for you to remember — not the other way around...Not only are passwords important to secure, read my colleague Mike Bruemmer’s post about employers tightening up remote working systems.