By Chris Hines, Product Marketing Manager, Bitglass
When the story first broke about the Morgan Stanley breach, where an ex-employee stole corporate data and pasted it on a file-sharing site called Pastebin, it got us thinking. We all hear about these massive breaches that take place–Target, Home Depot, Sony, Anthem, Premera–but what actually happens to the data after it is stolen? Where does it travel to? How many people see it, and how much damage can it cause?
In an effort to find the answers to these questions, we decided to launch the world’s first data tracking experiment located in the Dark Web. So, what did we do? We created an excel spreadsheet of 1,568 fake employee credentials, then placed it on anonymous file sharing sites within the “Dark Web,” using a Tor browser as our entry point. We tracked the data as it travelled to various sinister locations around the world, and as it was shared amongst cyber-crime syndicates overseas. But how?
Here at Bitglass we have developed the first watermarking security solution on the planet. The patent-pending tracking technology works like this.
- Document travels through Bitglass proxy when downloaded from a cloud or on prem application and down to a mobile device.
- When this occurs, the document is automatically embedded with an invisibe watermark.
- Every time the document is opened, a “ping” is sent to the Bitglass portal displaying: user name, file name, geographic location, IP address and device type.
- Even if a watermarked document is copied and pasted elsewhere, or mutilated in some way, the watermarks still persist.
What we found from this experiment will change the way that our industry views data security today, and shine a light on the need for greater visibility into where sensitive data travels. Especially after a breach.
Who’s keeping tabs on your data?