Data of 6 lakh Indians sold on bot-market

According to experts, India is the most affected country in the world. There is a possibility that your personal data might be on sale on bot-markets. According to a report by cybersecurity company NordVPN, as many as five million people have fallen prey to online identity theft, and their data has been sold to bot-markets for Rs 490 each. Of this, Indians are the worst affected, with data of as many as six lakh citizens being sold on the bot markets. It seems like technology is moving towards disaster. It is a wake-up call for the Government to consider the agenda of fast-track digitisation.

Bot markets are used by hackers to sell stolen data from victims' devices with bot malware. Marijus Briedis, Chief Technology Officer at NordVPN says, “What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place. And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot.”

“A simple password is no longer worth money to criminals, when they can buy logins, cookies, and digital fingerprints in one click for just Rs 490,” MarijusBriedis adds.

The word ‘Bot’, in this context does not imply an autonomous program, but refers to data-harvesting malware. Bot markets are online marketplaces, which are used by hackers to sell data which they have stolen from their victims’ devices by harvesting bot malware. The data is sold in packets and include the full digital identity of a compromised person such as logins, cookies, digital fingerprints, and other information.

The research found 26.6 million stolen logins on the bot markets. Of this, 7,20,000 were through Google logins, 6,54,000 through Microsoft logins, and 6,47,000 were through Facebook logins. Moreover, cookies are usually stolen from the users’ browser and help hackers in by-passing the two-factor authentication. The research found 667 million stolen cookies on the bot markets.

Meanwhile, a person’s digital fingerprint includes screen resolution, device information, default language, browser preferences, and other information. Many online platforms track their users’ digital fingerprints to make sure they properly authenticate them. The research found 81,000 stolen digital fingerprints and 5,38,000 autofill forms on the bot markets.

“Some tactics are even simpler. A hacker can, for example, take control of a victim’s Steam account by changing the password. Steam accounts are sold for up to $6,000 per account and can be easy money for a criminal,” says Marijus Briedis. The most popular types of malwares that steal data are RedLine, Vidar, Racoon, Taurus, and AZORult.

S Mohini Ratna, Editor, VARINDIA