The Rise of Digital Fingerprints in the Dark Marketplace Threatens Identities
An overview of the top dark web marketplaces for digital identities, which are made up of stolen “digital fingerprints” of a user’s web browsing device (e.g., IP address, OS information, time zone, user behavior).
New York City-based IntSights, a threat intelligence company focused on enabling enterprises to “defend forward,” announced the release of the company’s latest report “Digital Browser Identities: The Hottest New Black Market Good.”
The report contends, “The appearance of the Genesis market in November 2018 drew attention to a new type of underground ‘good’ – a digital identity.” This type of black market sells a full fingerprint of a user’s web browser and computer characteristics, allowing an attacker to impersonate the victim almost flawlessly. “This empowers the buyer of the digital identity to access websites as another user and circumvent advanced identity protection services.” The study maintains this includes access to mail accounts (e.g., Google, Yahoo, Microsoft), social media profiles (e.g., Facebook, Twitter, LinkedIn), banks and credit card accounts (including PayPal), retail and e-commerce sites (e.g., eBay, Amazon, Best Buy), music services (Spotify), travel apps (Uber), government services, and even internal login pages for the victim’s company.
The report suggested, “Think of it like digital facial recognition, except instead of scanning your face to verify your identity, they’re using your web browsing device properties.” The implications are frightening, as it gives anyone the ability to intrude and mimic a user identity online since users commonly save their credentials in their browser—even for financial and work websites—for convenience. “The applications for this masquerade tactic go beyond fraud and financial crime. Hackers can target specific companies by searching for their employees; pedophiles can target and impersonate children by searching for victims who access known children’s sites; and intelligence agencies can search for different government employees according to their internal login pages.”
IntSights also noted Richlogs, an emerging competitor to Genesis, has joined the ranks in terms of top dark marketplaces. “Like the Genesis market, Richlogs collects and sells stolen ‘digital fingerprints’ of a user’s web browsing device (i.e., IP address, OS information, time zone, user behavior). These sites enable the purchaser to impersonate a legitimate online user and circumvent standard security protocols, offering full credentialed access to any site that was stored in the victim’s browser.”
Ariel Ainhoren, head of research, IntSights, said, “The level of intrusion into a victim’s life that digital identities provide is alarming. It is not just credit cards, bank accounts, or PII at stake. Digital identities offer threat actors the ability to almost completely take over someone’s online browsing identity. This includes everything from accessing expenses, to tracking daily travel routes, to seeing tax information.” She added that the bigger the victim’s digital footprint, the more a threat actor can impersonate them. “Digital identities, as they are sold on Richlogs and Genesis, offer the whole digital fingerprint of an individual on a plate, providing endless opportunities for fraud, scams, theft, and access to the victim’s personal life.”
IntSights provided tips to protect an organization from digital identity fraud:
- Continuously monitor digital identity markets. Visibility and awareness are key to proactive protection. “Monitoring these markets can help you identify compromised identities early (for example, to one of your internal login pages), so that you can more diligently monitor traffic to that page and/or increase verification methods when users log in.”
- Enable two-factor authentication. “Asking for a second (or even third) variable for verifying users makes it increasingly difficult for threat actors to hack accounts. This might include mobile verification or providing answers to additional security questions that only the customer or employee will know.”
- Regularly update fingerprinting protocols. If your company uses digital fingerprinting to verify customers or users, make sure you regularly update these protocols and add additional points of authentication in order to keep up with the stealer’s version upgrades.
- Consistently clear cookies and browsing history. “Clearing your cookies and browsing history limits the extent of your ‘digital history’ and therefore won’t put additional websites and/or profiles at risk if your device becomes infected.”
- Change passwords regularly. This is always a cybersecurity best practice, and it certainly applies here as well. Changing passwords and avoiding password reuse both help significantly reduce your risk of compromise.