As anyone who’s ever had their data stolen through a phishing scam, firewall breach, or the theft of a password must have wondered: ‘What happens to my data after a hacker has gotten their hands on it?’ After all, in 2018 alone, cybercrime cost $445 billion globally, according to EveryCloud, so that stolen data is surely being used in some profitable manner.
AMEinfo did its own digging on the matter, and consulted some field experts to help us pinpoint the fate of our precious data.
Hacking for cash and country
Generally speaking, there are any types of hackers out there motivated by different things, but the majority of them fall into 3 main categories: White Hat, Black Hat, and Grey Hat.
White Hat hackers are often known as ethical hackers, and are paid to hack companies in order to expose vuulnerabilities in their system that would then be patched by security professionals. You don’t have to worry about these.
Black Hat hackers are the notorious cybercriminals you hear about on the news. They can be smalltime or big time – in the end, their intentions are malicious. They perform their illegal activities in order to gain wealth, serve a government regime and sometimes just to do some damage against targeted individuals they might hold a grudge against. More often than not, a illegitimate hacker would only be willing to break the law if there’s a payday at the end of that nasty bit of malware. These are the ones we will be addressing in this article primarily, and the ones you need to worry about.
“Their primary motivation is usually for personal or financial gain, but they can also be involved in cyber espionage, protest or perhaps are just addicted to the thrill of cybercrime,” Norton Antivirus explains in a blog post.
Finally, you have Grey Hat hackers, who as the name suggests are neither completely good nor completely bad. Think of them as a rogue Robin Hood, looking to perform some illegal hacking to dig up incriminating evidence on a suspicious company, for example.
So what happens to data after a Black Hat hacker steals it for espionage or political reasons?
As explained earlier, the motives of a Black Hat hacker often dictate the fate of your stolen data. If they were stealing data for a government, for example, they would pass the data on to that country, which would then use it to expose sensitive data like emails, undisclosed comumunication, shocking statements made under the guise of privacy and more, or even use it to gain access to a rival country’s government or corporate networks.
US film studio Sony Pictures fell victim to this fate in 2014, after producing a controversial comedy film called The Interview depicting an assassination attempt on the life of North Korean Supreme Ruler Kim Jong-un.
“Sony employees who logged on to their desktops early on Monday morning, November 24, 2014, were greeted with the sound of digital gunfire and the image of an ominous red skeleton under the title ‘Hacked By #GOP,’ which stood not for the Grand Old Party, but for a shadowy organization called Guardians of Peace,” Vanity Fair reported at the time. “Below was a message that read… ‘We’ve already warned you, and this is just a beginning. We continue till our request be met. We’ve obtained all your Internal data Including your secrets and top secrets. If you don’t obey us, we’ll release [that] data.'”
The US had said that the attack was sponsored by North Korea, but the Asian nation denied those allegations.
The Sony hack revealed controversial emails depicting top executives discussing casting choices, making derogative comments on certain actors. The salaries of executives were also leaked, amid piles and piles of other data. It was nothing short of a mega PR disaster, and after the data was stolen, it was erased from Sony Pictures’ servers for good. The damage was incomprehensible.
What happens to data if the Black Hat hacker is looking for monterary gain or to defame someone?
Not all hacks are targetted at corporations or supposedly funded by governments. Others are scaled down towards the average individual, often with aims of monetary gain, but not always.
The most conception we have about hacks is that our credit or debit card info will be used to make illegal purchases that will rob you of your savings. While that is true and does happen, it is only one of many applications for this stolen data.
Matt Walmsley, EMEA Director at Vectra, told AMEinfo, “Unless the threat actor’s intent is commercial, or political espionage, then stolen data is typically used in one or more ways:
- Released to the public, so called “Doxing” to bully, embarrass or damage the data owner
- Sold on the dark web to monetise the data, e.g. credit card details might bring a few dollars each.
- Used directly to perpetrate fraud and theft, e.g. using stolen banking credentials.”
Morey Haber, CTO & CISO at BeyondTrust, also shared with AMEinfo some insight into this matter, “With all the cyber security breaches and stolen data, one has to wonder where all that data goes. Some of the locations are obvious and frequently in the news but other places are dark, nefarious, and have long term ramifications for people and governments:
- The Dark Web– One of the most discussed and popular terms in the industry to purchase and search for stolen data on the Internet.
- Governments (aforementioned)– Often data is stolen or acquired by adversarial governments to profile citizens, link information with existing profiles, and to data mine patterns for citizens so as to target them in future attacks or identify them as key individuals in government or industry.
- Public Disclosure– Depending on the threat actor, the data may just appear in bulk on public websites to prove the data exists, that it was hacked, or to embarrass the company or individuals contained within the data.
- Targeted Threats– The hackers themselves use the information to target individuals, companies, governments, or other groups of individuals (or even applications) to conduct crimes ranging from blackmail and spear phishing, to espionage.
- Nothing– As crazy as it sounds, some breaches result in no footprint of exposed data. The breach is reported, public disclosure occurs, but there are no ramifications or follow-up from the information stolen.”
So there you have it. more often than not, you won’t like where your data will end up, and you’ll often have to incur some massive losses just to get your data back, if at all.