Experiment Reveals How Fast Stolen Data Spreads on the Dark Web

April 16, 2015, Written By John H. Oldshue

An experiment from BitGlass studied how stolen credit cards and Social Security numbers make their way through the Internet after a data breach. The results revealed data travels at a remarkable speed and showed just how poor detection efforts have been in America.

BitGlass, a security firm, created a set of fake personal data to place on the Internet. The data carried a special watermark that allowed the firm to track its progress through the “Dark Web”, defined by BitGlass as “a part of the web not indexed by Google and other popular search engines and estimated to be about 500 times larger than the normal Internet.”

The tracking showed that in just a few days, the data had been viewed over 200 times by people in five different countries across three continents. By day 12, the data had received 1,081 views and reached 22 countries in five continents. By the end of the experiment, the fake information had reached everywhere but Australia and Antarctica.

Russia, China, and Brazil were the most common countries that accessed the data. In addition, the data showed a strong concentration of viewers in Russia and Nigeria, “indicating the possibility of two cyber crime syndicates,” according to the report.

The BitGlass study showed how quickly information can travel through the web, despite the fact it takes an average of 205 days to detect a data breach. Even the Target breach of 2013 took 24 days to discover, which is incredibly fast compared to the 10 months it took for P.F. Chang’s.

Clearly, detection speeds of data breaches need to be improved to keep up with the virality of stolen information on the Dark Web. Until that time, stolen data will have the potential to reach all parts of the world before companies even realize it is gone.

The information contained within this article was accurate as of April 16, 2015. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.