A security firm that frequently undertakes computer crime forensics for individual companies wanted to understand the overall picture of how common successful cyber attacks really are. For every major breach that is disclosed, it is generally considered that there are many others that are either not disclosed or actively suppressed – but nobody really knows how many.
"We wanted to get a broader picture of how common these attacks are ‘in the wild’ and how much user data is being compromised across the world," announced Swiss firm High-Tech Bridge (HTB) in a report published today. To discover this, it undertook an analysis of compromised credentials finding its way onto Pastebin. The intention was to seek some quantification from the criminals who steal the data rather than from the victims who may or may not even admit to the breach.
Pastebin is an anonymous publishing service with many valid purposes – but also frequently used by hackers to post 'press releases' and announce their 'successes.' The analysis was not an easy task. Firstly, hackers rarely publish the full database of their exploits – just enough either to demonstrate their success or to whet the appetite of potential buyers. Secondly, the Pastebin moderators make strenuous efforts to remove any illegally obtained personal data from the site.
"This is why," says HTB, "the majority of records with stolen personal information usually represent only 0.01% –1% of the total information compromised by the hackers. Nevertheless, even these ‘Proof-of-Concepts’ affected thousands of people and businesses worldwide." By combing through Pastebin and checking Google's cache, HTB found more than 300,000 stolen passwords.
Analyzing these postings, HTB's CEO Ilia Kolochenko suggests, "there are two main sources of information leaks posted on Pastebin: insecure web applications and compromised user machines with installed Trojans." More than 40% of the stolen data relates to email credentials, while 13.1% relate to social networks. Within these, 25% of the emails relate to Gmail, while 22% relate to Yahoo. Facebook dominates the social network credentials, with 92% of all compromised social network accounts. Twitter is next with 7.8%.
Taking the number of passwords that actually make it onto Pastebin, it's impossible to make a precise judgment on how many passwords are actually stolen each year. But Kolochenko points out that Pastebin is just one of the more visible sites that are used by hackers, and that those who do use it post only a small amount of their haul.
Nevertheless, he says, "I think we can speak about several hundreds of millions at least. People finally need to understand that the Internet is a very hostile place, while online service providers need to finally start taking network security seriously."