India users’ data most common on cybercrime marketplaces: NordVPN

At least 12% of all unique user data found in cyber crime marketplaces belonged to Indians, a report by Panama-based virtual private network (VPN) service provider NordVPN said on Thursday. It further added that personally identifiable information of users — which include passwords, financial information and even cookies stored on a device — can be purchased from these so-called ‘bot’ marketplaces for less than ₹500.

The ‘bot’ market refers to cyber crime marketplaces that update user data regularly for as long as the malware remains active on a user’s device. While NordVPN tracked data belonging to 5 million unique users around the world, data of Indian users topped the chart — with over 6 lakh users found in popular bot market databases.

To be sure, the report covers databases that are actively updating user data, and not data dumps of old data. The latter, though more common, attracts lesser interest and price among cyber criminals since old data may often be ineffective or irrelevant for future breaches. For instance, on December 2, a report by homegrown cyber security firm Cloudsek disclosed personal and health data of 1.5 lakh users from a Tamil Nadu hospital being sold. The data, which was from a database up to 15 years old, was being sold for around ₹8,000 on a popular data marketplace.

Industry experts, however, stated that such old databases are likely of not much value.

Among databases scanned by NordVPN, the types of information found in the databases include stolen login information of Google, Microsoft and Facebook accounts, cookies, digital footprints, and autofill addresses.

Stealing ‘cookies’ — bits of code that contain information unique to a user — from their device can allow a cyber attacker to bypass two-factor authentication. Digital footprints, meanwhile, include information such as network and device data, and can often be used by scammers for identity thefts. Autofill information, too, can be used in identity theft scams, since they include data such as saved addresses, phone numbers and information on family members.

Marijus Briedis, chief technology officer of NordVPN, said that such databases are of greater value to attackers. “After the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot,” he said.

Briedis added that such databases are also sold as a per-service model. “Steam accounts are sold for up to $6,000 per account, and can be easy money for a criminal,” he said.

The data published by NordVPN was sourced as of September 29, the company said in its research methodology.