Inside Look: How Data Is Stolen & Used

It seems every day there is a data breach affecting millions of users. But where do all these files go after the leak/? And is it possible to protect this information?

Those are some questions raised by Daniel Markuson, digital privacy expert for the Panama-based virtual private network provider NordVPN.

“Many people still believe hackers are not interested in them,” Markuson said. “People often imagine cybercriminals like fishers, patiently waiting for the right fish to show up. In reality, they are more like fishing boats that use nets to catch as much as possible at once. Afterwards, they can benefit from the vast amounts of stolen data in many different ways.”

According to the digital privacy expert exploitable data procured in a number of ways — from blackmail and corporate espionage to identity theft — becomes available on the dark web market, which offers anonymity to hackers and buyers or open websites created for two to three days.

Markuson provided an overview of how hackers obtain personal data, where it usually goes post-breach, and how to protect personal information online.

How Data Can Be Stolen

1. Downloading unverified content. By downloading unverified apps, games, movies, or browser extensions, people can infect devices with viruses or spyware. “It is an easy way to lose your personal information, such as credit card numbers.”
2. A leak from the entity that handles the data. “Breaches usually occur via the web and email, but can also happen through mobile data storage devices such as optical media, USB keys, and laptops.”
3. Phishing emails or text messages. Phishing attempts most often begin with an email designed to obtain sensitive information. Such messages pretend to come from a legitimate source, such as banks, government bodies, or company leadership. These messages try to elicit fear, curiosity, or a sense of urgency to click on a malicious link or download an infected attachment.
4. Unprotected portable devices. USB sticks, smartphones, flash memory cards, or other easy-to-lose gadgets may become an easy data source for anyone who finds one.
5. Skimming devices. Thieves can steal financial data with skimming devices, which can also memorize PINs.

Why Data Is Bought

1. Advertising and targeting. Stolen data on individuals’ habits, preferences, and personalities helps target ads more precisely.
2. Surveillance and spying. Hacked personal data can open the doors for stalking, tracking, monitoring, and harassment of the victim.
3. Identity theft and impersonation. Cybercriminals can commit financial crimes in another person’s name. That may include anything from fake tax returns or illicit money transfers to insurance claims or loan applications.
4. Spam or phishing attacks. Stolen personal data can help criminals launch phishing attacks and disrupt systems or access confidential information.
5. Blackmail, extortion, and hacktivism. “It can be anything from ransomware attacks to cyberblackmail.”

“Cybersecurity starts with vigilance,” Markuson said. “Two-factor authentication, secure storage of your passwords, and use of unique, strong, and complex passwords can protect your data from falling into the wrong hands.”

Markuson also suggested regular updates of all devices can prevent criminals from using weaknesses in the OS and apps. “You should also avoid making online payments on public Wi-Fi or at least use a reputable VPN.”

However, according to Markuson, even the most advanced security tools will not help if people are not careful about the kinds of websites they visit or links clicked. “You should always be cautious about giving away your personal or financial details anywhere on the internet.”