Digital identities of five million people are for sale on so-called “bot markets” on the dark web. The stolen data appears to include digital fingerprints, auto-fill forms and user logins. The worst affected country is India, where 600,000 citizens appear to have had their details pilfered.
The data identified in a new report from VPN provider NordVPN includes cookies, logins, webcam screenshots and digital fingerprints. It is estimated in the report that 12% of all the data on the bot markets is Indian. The average price of a single digital identity of an Indian is 490 Indian Rupees, or £4.87.
What is a dark web bot market?
Bot markets are used by cybercriminals to sell data they have stolen using bot malware, and NordVPN has been tracking activity on these platforms since bot markets were first launched in 2018.
They host and sell data harvested by bots that have infiltrated private devices. “The scariest thing about bot markets is that they make it easy for hackers to exploit the victim’s data,” the report says. “Even a rookie cybercriminal can connect to someone’s Facebook account if they have cookies and digital fingerprints in place, which help them bypass multi-factor authentication.”
Bot markets can be found both on the dark and the clear webs. The Genesis market, for example, has a professional-looking, publicly accessible website through which it sells digital fingerprints. A search function allows users to find credentials from a specific site, or particular data such as financial data.
According to a report by security company F5, Genesis Marketplace also has a full-featured help desk with a ticketing system. This works like a normal tech support portal where marketplace operators will promptly answer requests in English.
Dark web bot markets hold five million digital identities
The countries whose data appeared most commonly on the marketplaces, according to NordVPN’s research, are India, the US, Italy, Spain, France and Brazil, as well as in smaller numbers from 713 other nations.
The markets covered by NordVPN include the three largest on the dark web, the Genesis Market, the Russian Market and 2Easy. The most popular types of malware that steal the data are RedLine, Vidar, Racoon, Taurus and AZORult.
Within the markets at least 26.6 million stolen logins were found, including 720,000 Google logins, 654,000 Microsoft logins and 647,000 Facebook logins.
Among the data, researchers also uncovered 667 million cookies, 81,000 digital fingerprints and 583,000 auto-fill forms.
Auto-fill forms are noteworthy as, apart from email addresses and names they often include home addresses and financial information.
"What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place. “After the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot,” said Marijus Briedis, chief security officer at NordVPN. “A simple password is no longer worth money to criminals when they can buy logins, cookies and digital fingerprints in one click for just 490 rupees."
Read more: Credential stuffing attacks fuel dark web trade in log-ins
