A recent study by NordVPN of Lithuania's Nord Security found that the data of over 50 lakh people was stolen globally and sold in bot markets for 490 Indian rupees. The study put India at the heart of the data breach, as the data of a whopping 6 lakh Indians was found to have been stolen by hackers and sold in bot markets.
The study found that hackers had stolen webcam snaps, screenshots, up-to-date logins, cookies and digital fingerprints of users. The research found 26.6 million stolen logins. Amongst them were around 720,000 Google logins, 654,000 Microsoft logins, 647,000 Facebook logins and 223,000 Netflix logins; user data of many other major companies was also found to be compromised.
In this interview, The Probe's Vikas Mavi speaks to Marijus Briedis, Chief Technology Officer of NordVPN, on the study and the implications of the Indian data leak.
Vikas: How long did your team take to complete the study? Who were the critical team members, and what was the methodology used?
Marijus: The study took approximately three months to complete. It took one month for third-party researchers to gather the statistical data and one more month to analyse the data and create a research page.
The data about bot markets was compiled in partnership with independent third-party researchers specialising in cybersecurity incident research. No information that relates to an identified or identifiable individual was collected, reviewed, or otherwise involved when performing the research and preparing the study. Moreover, the researchers did not access the dark web. Data was received on September 29, 2022.
Vikas: Your study has revealed very crucial details. You have said that the data of 50 lakh people that were stolen globally were sold in bot markets for 490 INR. When you say that India is most affected by this threat in the world, can you give us more details regarding the India angle? Who were the victims of this attack? Were they government employees, private individuals, students, or business houses?
Marijus: The victims of the attack were the usual internet users who got their devices infected by bot malware. We have not looked into their personal information as this would mean a violation of their privacy. But generally, hackers do not target any special group by this attack.
Vikas: As this is a grave issue, have you also kept the Indian cyber authorities in the loop over the findings of your study?
Vikas: Since a maximum number of Indian data were stolen, we would like to know what, according to you, are some of the reasons that make Indians particularly susceptible to such attacks.
Marijus: First of all, the number of internet users in India is very large. So that is why the number of affected users is also pretty huge. Also, India still lacks cyber security awareness. Many people don't know they should not download random files or click on suspicious links, and that is why they are easily tricked by hackers.
Vikas: Please elaborate on the role of these bot markets: the Genesis Market, the Russian Market and 2Easy. Which of these markets were used to sell the data of Indians? Have you been able to identify the key hackers?
Vikas: Do the 600,000 Indian citizens whose data was compromised know that their data was stolen? Have you informed the victims about such a bot attack?
Marijus: We have no information about the identities of affected people because we have not bought any of the information from the bot markets. Buying information like that is illegal, so we only used statistical data for the research.
Vikas: You have revealed that "after the bot is sold, the victim's information can be updated as long as their device is infected by the bot". Since this is an issue that requires immediate action by law enforcement agencies of the countries involved, we would like to know if you are planning to coordinate with the government agencies to bust the racket.
Vikas: You have mentioned several companies like Google, Amazon, Facebook, PayPal and others. Have you informed these companies about how such bot attacks compromised their user data?
Marijus: We have not informed any of the companies you mentioned, as we believe informing society and possible victims (Indians) is the most effective thing to do.
Vikas: Were Indian Netflix users' data compromised? If yes, how many people have been victims of the bot attacks?
Vikas: Who are the buyers of this data?
Marijus: The buyers are mostly cybercriminals who want to use the data for their own sake.
Vikas: How does one find out if their data has been compromised? What precautionary measures do you suggest the users take to ensure that their data and privacy are not hampered?
Marijus: There is no way to know that bot malware has or has not stolen your data without experiencing the consequences (like phishing attempts, identity theft, and the like). The best thing any user can do is install antivirus software and scan their device for malware. It is also essential to clean cookies regularly, change passwords every six months and store them in a password manager, not a browser. This way, even if a user was affected by bot malware in the past, they will protect themselves from the possible consequences of their data being stolen.