If you are an internet user, there is a possibility that your personal data might be on sale on bot markets. According to a report by cybersecurity company NordVPN, as many as five million people have fallen prey to online identity theft, and their data has been sold to bot markets for ₹490 each. Of this, Indians are the worst affected, with data of as many as six lakh citizens being sold on the bot markets.
MarijusBriedis, chief technology officer at NordVPN says, “What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place. And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot.”
“A simple password is no longer worth money to criminals, when they can buy logins, cookies, and digital fingerprints in one click for just ₹490,” MarijusBriedis adds.
The word ‘Bot’, in this context does not imply to an autonomous program, but refers to data-harvesting malware. Bot markets are online marketplaces, which are used by hackers to sell data which they have stolen from their victims’ devices by harvesting bot malware. The data is sold in packets and include the full digital identity of a compromised person such as logins, cookies, digital fingerprints, and other information.
The research found 26.6 million stolen logins on the bot markets. Of this, 7,20,000 were through Google logins, 6,54,000 through Microsoft logins, and 6,47,000 were through Facebook logins. Moreover, cookies are usually stolen from the users’ browser and help hackers in by-passing the two-factor authentication. The research found 667 million stolen cookies on the bot markets. Meanwhile, a person’s digital fingerprint includes screen resolution, device information, default language, browser preferences, and other information. Many online platforms track their users’ digital fingerprints to make sure they properly authenticate them. The research found 81,000 stolen digital fingerprints on the bot markets. The research also found the research, 5,38,000 autofill forms on the bot markets.
“Some tactics are even simpler. A hacker can, for example, take control of a victim’s Steam account by changing the password. Steam accounts are sold for up to $6,000 per account and can be easy money for a criminal,” says MarijusBriedis.
The most popular types of malware that steal data are RedLine, Vidar, Racoon, Taurus, and AZORult.
The researchers have analysed three major bot markets in the report i.e. the Genesis Market, the Russian Market and 2Easy. According to the report, 2Easy sells more than six lakh stolen data logs from 195 countries, at a price range of ₹16.43 to ₹1,643. The most affected countries by this market are India, Brazil and the US. The Genesis Market, which offers the most advanced interface out of all bot markets, sells more than four lakh data from 225 countries at a price range between ₹41 and ₹3,287. The countries like Italy, Spain and France are the most-affected by this market. The Russian Market is the biggest bot market, and sells over 3,870,000 data logs from 225 countries at a price range of ₹41 and ₹821. India, Indonesia and Brazil are the most affected countries by this market.
“To protect yourself, use an antivirus at all times. Other measures that could help – a password manager and file encryptions tools to make sure that even if a criminal infects your device, there is very little for them to steal,” MarijusBriedis says.