SUMMARY
NordVPN tracked information of around 5 Mn unique users from around the world and found data of 600,000 Indian users on the bot markets
A malicious bot is a software that steals data from a person’s device and the bot markets are places where a hacker could sell the bot logs
NordVPN noted that this data was being sold for incredibly cheap prices, with Indian users' data being sold for INR 490 on average
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
According to Panama-based virtual private network (VPN) provider NordVPN, India is one of the worst-impacted countries when it comes to stolen data being sold on cybercrime markets across the surface and the dark web.
In a recent report about bot markets, NordVPN found that Indian user data was the most common across the bot markets- 2easy and Russian. The other market, Genesis, also featured Indian users’ data, but India was not the worst impacted country in that market.
NordVPN tracked information of around 5 Mn unique users from around the world. With 600,000 users found in bot markets, Indian user data was the most popular. What’s more, NordVPN noted that this data was being sold for incredibly cheap prices.
The prices of stolen data can go as low as INR 16 ($0.20) and as high as around INR 3300 ($40). However, Indian users’ data was being sold for around INR 490 on average across the three bot markets covered by NordVPN.
It is prudent to mention that NordVPN exited India earlier this year after the government’s directives mandated all VPNs store their customers’ data.
Malicious Bots In A Sea Of Bots
Bots are fairly common on the internet. Google has crawlers – Google Bots – for websites that it uses for search engine indexing purposes and these bots are essential for search engine optimisation. However, not all bots are safe.
A malicious bot is a software that steals data from a person’s device and the bot markets are places where a hacker could potentially sell the bot logs. Bot logs contain the data stolen by the said bot and this data can include credit card information, email logins and other personally identifiable information. Further, the bots can keep updating the user data so long as the device is updated.
According to NordVPN, the data stolen by the bots included cookies, digital fingerprints, logins from popular accounts such as Facebook, Instagram, Netflix and Steam, screenshots and data from autofill forms. “Steam accounts are sold for up to $6,000 per account and can be easy money for a criminal,” said Marijus Briedis, CTO at NordVPN.
The research from the VPN firm showed that Genesis offers 24 Mn+ stolen logins, 537K+ autofill forms, and nearly 82K digital fingerprints. Russian bot markets are selling 3.87 Mn bot logs from 225 countries while 2easy was found to be selling 600,000 stolen data logs from 195 countries.
“What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place. And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot,” said Briedis.
NordVPN’s report only covered data dumps that were being updated regularly, with the latest update recorded on September 29, 2022. These data dumps are more attractive to cybercriminals as the data is fresh and can be used to inflict damage.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.