Cyber Crime Junkies
Translating Cyber into Plain Terms. Newest AI, Social Engineering, and Ransomware Attack Insight to Protect Businesses and Reduce Risk. Latest Cyber News from the Dark web, research, and insider info. Interviews of Global Technology Leaders, sharing True Cyber Crime stories and advice on how to manage cyber risk.
Find all content at www.CyberCrimeJunkies.com and videos on YouTube @CyberCrimeJunkiesPodcast
Why Cyber Attacks are Not All Equal
Have you ever wondered why cyber attacks are not all equal? Why some of the most significant data breaches in history didn't lead to your personal information being sold on the dark web? When Data Breaches Are Really Espionage?
Why did the stolen data from breaches like Anthem, Starwood/Marriott, OPM, and Equifax vanish into the ether, while other breaches see data auctioned off to the highest bidder?
Let's delve into these mysteries, each a tale of intrigue and unseen adversaries.
Grow without Interruption. Stop Breaches. Leverage Advances in Technology with NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com
🎧 Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss a video episode!
Follow Us:
🔗 Website: https://cybercrimejunkies.com
📱 X/Twitter: https://x.com/CybercrimeJunky
📸 Instagram: https://www.instagram.com/cybercrimejunkies/
Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
🎙️ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
🎙️ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
🎙️ Youtube (FKA Google) Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast
Join the Conversation: 💬 Leave your comments and questions. TEXT THE LINK ABOVE. We'd love to hear your thoughts and suggestions for future episodes!
When Data Breaches Are Really Espionage
Topics: when data breaches are really espionage, why not all breaches are equal, why detection is critical in cybersecurity, how long hackers stay undetected, hackers undetected for months, how to detect hackers, chinese espionage in the us, when breaches arent driven by money, cybercrime, data breaches, cybersecurity, phishing, social engineering, dark web, state-sponsored hacking, personal data protection, security awareness, digital espionage
Chapters
- 00:00 Introduction to Cybercrime and Data Breaches
- 00:31 Understanding Data Breaches and Their Causes
- 04:32 Case Studies: Anthem and Marriott Breaches
- 09:22 The OPM and Equifax Breaches Explained
- 15:02 The Dark Web and State-Sponsored Hacking
- 20:53 Consequences of Data Breaches and Prevention Strategies
- 25:34 Final Thoughts on Cybersecurity Awareness
Host (00:00.256)
you
Host (00:16.342)
Join us as we go behind the scenes of today's most notorious cybercrime, translating cybersecurity into everyday language that's practical and easy to understand. We appreciate you making this an award-winning podcast by downloading our episodes on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies, and now the show.
Host (00:55.32)
data breach? Well, when you read about data breaches in the news, your data almost immediately gets listed for sale on the dark web. The dark web operates just like the internet and is accessible through some special tools, but it has no filters, has no indexing, and it's completely anonymous. But on there, it operates just like a business. It looks very much like the regular internet that most of us are used to.
It has marketplaces kind of like Amazon, except for illegal things like guns, drugs, malware like ransomware, and yes, stolen data. So how much does your data sell for? The answer is it sells for a lot. For example, between $25 and $500 per record, depending on the type. For online banking logins,
so I could literally go and buy and log into your bank just as you and have full access to your life savings, it's about 50 bucks to a hundred dollars. That's it. For full identity profiles, they're called "fullz," they sell for a hundred dollars or more. For medical records, which can be used for a lot of things, they sell for between $250 to $500 or more.
So when you hear about these data breaches in the news and there's hundreds of thousands or millions of records stolen, multiply that times the 50 to $500 per record set. And you have tens of millions of dollars for sale almost immediately right after a data breach. So now you know.
But here's a twist. What if I told you that some of the biggest data breaches in history worth hundreds of millions of dollars if that data gets sold on the dark web, never got sold at all. It was never placed for sale on the dark web. Why? Why would they go through all of that and then not capitalize on
Host (03:07.679)
As it turns out, these historic massive breaches worth hundreds of millions of dollars just sitting there for the click of a mouse to make that money.
Those sales of that stolen data never happened. Who would give up that massive payday, that yacht, that private island, never having to work again another day in their life? Who would choose not to do that when it's literally the click of a mouse? Why would they not do it? That's the subject of today's episode. This is the story.
of why not all cyber attacks are equal.
you
Host (04:00.313)
Data breaches, they are always in the news. But what do we really understand about them? Well, we hear about phishing emails, and we hear about social engineering, but what do we do? We roll our eyes. I mean, WE think we can spot them, but the data shows that we do not. Exactly, David. In fact,
New reports show that over 83% of all breaches are caused by either social engineering or phishing. And that is insane. It gets worse. Did you know that an IBM report shows that threat actors have been inside your network on average for more than six months? Really? Yes, and during that time they are completely undetected. Undetected? Completely undetected. So what about the IT companies they hire?
What about all the tech systems and servers and cloud infrastructure they buy? All that money invested? Great question. Well, while IT support and network operations are needed, it still gives organizations zero visibility into a hacker hiding in plain sight inside their network. They remain undetected unless they engage specific security services.
Most organizations have zero visibility. Zero visibility into catching a bad guy when they are sitting there for over six months. That's a crazy long time. I know. So I got to ask why is that? Well, how do I say this? The answer can be a little complicated. So let me translate it. Please. There's a difference between IT support and security services.
IT support is needed to keep things humming along so an organization can be productive. But security operations do something totally different. They threat hunt. They search for network movement and evaluate the same technology, but in a different way. They use different software and systems to search for bad guys. An analogy someone told me once
Host (06:20.438)
may help explain it. In a kitchen, if the dishwasher has a leak behind the counter, a slow leak, and over six months it does a ton of terrible damage, like causing mold and wood and drywall damage, what happens to the homeowner? They have to tear out the walls and cabinets. It's major, right? Right. That's because while people were cleaning the counters, putting up the dishes, cleaning the floors, and keeping things operational so we could enjoy the kitchen,
Nobody had special tools to search behind the appliances looking for errors or damage that was otherwise undetectable for six months. So that's why we say not all breaches are created equal. When someone detects things right away, they can plug the leak in minutes, not months. And there is no, or at least very little, damage. Makes sense. So circling back around
to actual breaches, what happens after one occurs? The bad guys steal the data and sell it for massive profits on the dark web, right? Exactly. Have you ever wondered why some of the most significant data breaches in history didn't lead to your personal information being sold on the dark web? Why did the stolen data from breaches like Anthem, Starwood/Marriott, the OPM breach, and the infamous Equifax breach
vanish into the ether, while other breaches see data auctioned off to the highest bidder? Let's talk about these four breaches since they all have one major thing in common. Oh, I remember some of them. I know about the Anthem breach. I live in Indianapolis and remember it. In 2015, Anthem, a titan in the health insurance realm, fell victim to a cyber attack that
compromised the personal information of nearly 80 million individuals. Names, social security numbers, birth dates, all the keys to one's identity were stolen. Yet curiously, this trove never surfaced on the dark web. Investigations pointed towards sophisticated state-sponsored actors, with fingers pointed at China. The motive? Not financial gain, but the quiet accumulation of data
Host (08:44.311)
for intelligence purposes weaving together profiles for future endeavors. The Anthem data breach occurred when hackers gained access to Anthem systems through a very simple attack, a phishing email. Think you can spot one and it's obvious? Think again, hackers here were sending targeted emails to employees, which allowed them to infiltrate the network and steal sensitive personal information from millions of customers.
including names, dates of birth, addresses, and social security numbers. This breach is considered one of the largest healthcare data breaches in history. Hackers used spear phishing emails to target Anthem employees, tricking them into clicking malicious links or downloading malware, which gave them access to the company's network. The breach affected approximately 80 million current and former Anthem customers.
exposing sensitive personal information like names, social security numbers, and medical records. You all started freezing your credit too? Come on, man.
Host (10:14.345)
Excellent. Okay, tell me about the Marriott breach. What happened there? Well, there were several. The hospitality giant Marriott International discovered in 2018 that its subsidiary, Starwood, had been under siege since 2014. The breach affected approximately 500 million guests, exposing information ranging from contact details to passport numbers. Despite the scale, this data too remained absent
from illicit markets. Analysts said the hackers were aiming to amass data on global travelers. The Starwood Marriott data breach was caused by multiple cyber attacks that exploited a variety of vulnerabilities, including outdated software, inadequate access controls, and a lack of multi-factor authentication. In 2014, a malicious actor compromised a Starwood web server
and installed malware on hundreds of systems across dozens of properties. The attacker gained access to administrative credentials and remained active for over four years. Wait, what? Over four years? Over four freaking years. Holy crap. After the 2014 breach, there was another one in 2015. In that year, Starwood disclosed a 14-month data breach that occurred after announcing
its acquisition by Marriott. Then again in 2022, a hacking group used social engineering, phishing, and phone calls to steal passwords and access Marriott's internal systems. The hackers stole 20 gigabytes of customer data, including personal information and credit card numbers. Holy cow, that is a lot of issues for one company. Yep.
The attackers used a remote access Trojan (RAT) and an open source tool called Mimikatz. The RAT allowed the attacker to remotely access a computer, while Mimikatz searched a system's memory for user credentials. Why did it happen? Experts say that Marriott's failure to implement
Host (12:30.443)
Reasonable data security led to three large data breaches that impacted more than 344 million customers worldwide. The company agreed to a settlement with the FTC and was required to implement a robust information security program. So what happened in the OPM breach and what does OPM stand for again? The Office of Personnel Management OPM breach in 2015 was a direct assault
on the US government's human resources department. Sensitive information of over 21 million current and former federal employees, including detailed security clearance forms, was exfiltrated. This breach was a jackpot for foreign intelligence, providing insights into the personal lives of those with access to national secrets. Third-party contractors working with OPM contributed to the weak security controls
The breach involved multiple hackers, including one who used a contractor's credentials to install malware and create a backdoor to the network. The hackers stole sensitive information such as names, birth dates, addresses, and social security numbers. The OPM data breach occurred primarily due to poor cybersecurity practices
within the office of personnel management, including inadequate network security, lack of multi-factor authentication, and failure to properly address security vulnerabilities, which allowed hackers to gain access to sensitive employee data, like social security numbers through compromised credentials, likely obtained through social engineering tactics, and then install malware to exfiltrate large amounts of information from the system.
That's a lot of data and healthcare records to boot. That fetches a high dollar amount on the dark web. Yep. Okay. We will get to that in just a second because it's quite shocking actually. So let's jump into and explore the Equifax breach. I can explain this one. If that's okay. Please do. So everyone here in the US has a FICO score and Equifax is one of the three major credit bureaus that keep track of all your spending. All of it to give you that FICO score.
Host (14:56.587)
So they held everything, all credit card charges, all utility bills, mortgages, car payments, everything. Yep, exactly. In 2017, Equifax, one of the major credit reporting agencies, suffered a breach that exposed the personal information of 147 million people. Given the nature of the data, social security numbers, birth dates, addresses, one would expect it to flood dark web marketplaces. Yet it remained conspicuously absent.
The US Department of Justice later indicted four members of China's military for the hack, suggesting the intent was to gather economic intelligence rather than immediate financial exploitation. The Equifax data breach occurred primarily because the company failed to install a critical security patch on its Apache Struts software, which allowed hackers to gain access to their systems and steal sensitive consumer data like names, social security numbers, and credit card details. This vulnerability was known to Equifax,
but they did not apply the necessary patch in a timely manner, leaving a significant security gap that attackers exploited. Great explanation. Yep, exactly. The primary cause was a known vulnerability in the Apache Struts software that Equifax used, which they were notified about and should have patched, but did not. And a key fact here is the delay in detection.
Remember how we mentioned hackers are inside networks for over six months on average, completely undetected. Yep. Did that happen here? Yep. Despite the breach occurring in May, 2017, Equifax didn't discover it until July, 2017, allowing hackers to access sensitive data for a prolonged period. Here they were inside their systems undetected. Exactly.
The breach affected millions of consumers, exposing personal information like names, addresses, dates of birth, and social security numbers. There were also alleged criminal actions by the executive leadership team in how they handled the breach, and the CEO later was forced to resign. Yep, it was a shit show. They are the poster child for what not to do in preparing for and handling a data breach. So I have to ask,
Host (17:16.749)
How much did all these breaches go for on the dark web when the hackers sold the treasure trove of data that they stole in these four major breaches? How much did it go for? Yep. Like, don't medical records sell for a higher amount and other records less? So there are some general ranges. Exactly. Generally, health care records sell for around $202 per set, in that range.
Other record sets go for between $75 to $250 on many of the dark web marketplaces or ransomware and leak sites. I'm getting my calculator out. We are going to do some math, are we? You know it. Okay. And? And these would have sold for hundreds of millions of dollars online. So what was the amount? Curious minds demand to know. Glad you asked. And?
Well, you want the answer. Yes. The answer is zero. Wait, what? I don't understand. Imagine if the stolen information never hits the dark web. Today, we're diving into a digital underworld where your data might be more valuable to spies than criminals. Hmm. What exactly are we talking about here? Well, we're exploring why not all data breaches are created equal.
It's a fascinating subject that touches on cyber security, international espionage, and the dark underbelly of the internet. You know, some of the biggest data breaches in recent history didn't result in our personal information being sold on the dark web. It's counterintuitive, isn't it? That's certainly surprising. You'd think with all that valuable data, cyber criminals would be having a field day. But you're saying that's not always the case? Exactly.
Let's start with the Anthem breach back in 2015. It was massive. Nearly 80 million people had their personal information stolen. We're talking everything from names and social security numbers to birth dates. But here's the kicker. None of that information ever showed up for sale on the dark web. So what happened to all that data? It didn't just vanish into thin air, right? You're right. It didn't.
Host (19:38.315)
Investigations pointed towards sophisticated state-sponsored actors, with China being the prime suspect. The theory is that they weren't after quick financial gain. Instead, they were quietly building profiles for future intelligence operations. So you're saying this wasn't about making a quick buck, but more about long-term strategic goals? Precisely. And it's not just Anthem. Remember the Starwood
Marriott breach in 2018. That affected about 500 million guests. Everything from contact details to passport numbers was exposed, but again, none of it showed up on the dark web markets. Let me guess, another case of state-sponsored hacking? You've got it. Analysts believe the hackers were more interested in gathering data on global travelers. It's all about building those comprehensive profiles.
But here's where it gets even more interesting. The Starwood Marriott breach wasn't just a one-time thing. The attackers had been in their systems since 2014, and it wasn't discovered until 2018. Four years of undetected access? That's terrifying. How does that even happen? Well, it often comes down to sophisticated tactics and poor security practices.
In the Starwood case, the attackers used a remote access trojan and tools to search for user credentials in the system's memory. They're not just breaking in, they're setting up shop and making themselves at home in these networks. So it's like they're squatting in these systems, quietly gathering data for years. But surely someone must have noticed something was off? You'd think so, but these attackers are incredibly skilled at covering their tracks.
and it's not always high tech either. In the Anthem breach, it all started with a simple phishing email. An employee clicked on a malicious link and that was all it took to start the breach. That really highlights how important cybersecurity training is for employees. But what about the companies themselves? Surely they bear some responsibility? Absolutely. Take Equifax, for example.
Host (21:59.994)
Their 2017 breach exposed the personal information of 147 million people and it all came down to a failure to install a critical security patch. They knew about the vulnerability in their Apache Struts software but didn't apply the patch in time. That's incredibly frustrating. It's one thing when it's a sophisticated state sponsored attack but to leave the door wide open like that. It's almost negligent.
It's a stark reminder of how important basic security practices are. But here's where it gets even more interesting. Even though this was clearly a case of negligence, the stolen Equifax data didn't end up for sale either. The U.S. Department of Justice later indicted four members of China's military for the hack. So we're seeing a pattern here. These massive breaches, often due to simple mistakes or oversights,
are being exploited not by common criminals, but by state actors. It's like there's this whole shadow war going on that most of us never see. That's a great way to put it. And it's not just China. These state-sponsored attacks are coming from various countries, all vying for information and strategic advantage. But let's talk about another significant breach, the Office of Personnel Management, OPM.
hack in 2015. Hmm. I remember hearing about that one. Wasn't that a direct hit on the U.S. government? Exactly. It was a direct assault on the U.S. government's human resources department. Over 21 million current and former federal employees had their information stolen, including detailed security clearance forms. This wasn't just a data breach. It was a national security nightmare.
And let me guess, the data never showed up for sale? You've got it. Because for foreign intelligence agencies, that kind of information is priceless. It gives them insights into the personal lives of people with access to national secrets. It's like they're building a playbook for future espionage operations. This is all sounding very cloak and dagger, but not all breaches are like this, right?
Host (24:26.389)
I mean, we do see stolen data for sale sometimes. Absolutely. Take the AT&T breach in 2024. Personal information of over 70 million customers was leaked and promptly appeared on the dark web, available to the highest bidder. In that case, it was all about the money. It's a stark contrast to these state-sponsored attacks. So how much does this kind of data actually sell for on the dark web? Well,
According to some reports, stolen data can sell for anywhere between $75 to $250 per person's data set. Now, if you do the math on these massive breaches, we've been discussing Anthem, Marriott, OPM, and Equifax. You're looking at potential dark web sales in the billions of dollars. That's if it was being sold, which it wasn't. Those are staggering numbers.
It really puts into perspective why companies and governments are such tempting targets. But let's circle back to detection for a moment. How are these breaches eventually discovered? That's a great question. In many cases, it's not until long after the initial breach. For example, in the Equifax case, the breach occurred in May 2017, but it wasn't discovered until July of that year. That's two months of undetected access.
And remember, with Marriott, it was four years. So what can companies do to improve their detection capabilities? There are several strategies. Implementing robust network monitoring systems, regularly conducting security audits, and using artificial intelligence and machine learning to detect anomalous behavior are all crucial. But perhaps most importantly,
companies need to foster a culture of security awareness among their employees. Speaking of employees, you mentioned earlier that the Anthem breach started with a phishing email. How common is that as an entry point for these attacks? It's incredibly common. In fact, phishing remains one of the most effective ways for hackers to gain initial access to a system. In the Anthem case, hackers sent targeted
Host (26:50.427)
emails to employees, tricking them into clicking malicious links or downloading malware. This gave them a foothold in the network from which they could expand their access. Well, that's certainly eye-opening. But what about the aftermath? Are there consequences for these companies when they fail to protect our data? Absolutely. Take Anthem, for example. They ended up settling with the Department of Health and Human Services
for $16 million, the largest HIPAA settlement in history at that time. They also faced about 100 private class action lawsuits. Equifax too faced massive fallout. They agreed to pay up to $700 million to settle federal and state investigations. Those are some hefty fines. But what about the state-sponsored hackers? Are they ever brought to justice? It's rare, but it does happen.
In the Equifax case, the US Department of Justice indicted four members of China's military. For the OPM breach, a Chinese national named Yu Pingan was arrested for providing the malware used in the attack. He ended up pleading guilty and was deported back to China. It sounds like a game of international cat and mouse, but let's bring this back to the individual level. What can we,
as regular people do to protect ourselves? That's the million dollar question. While we can't control how companies handle our data, we can take steps to minimize our risk using strong, unique passwords for each account, enabling two-factor authentication, and being cautious about the information we share online are all good starts. But perhaps most importantly, we need to stay informed and vigilant.
And I suppose being aware of these different types of breaches helps us understand the potential risks better. Absolutely. Knowledge is power. Understanding that not all breaches are equal, that sometimes our data might be in the hands of state actors rather than cyber criminals, can help us make more informed decisions about our digital lives.
Host (29:10.825)
It also underscores the importance of pressuring companies and governments to take cybersecurity seriously. It's a lot to take in, but it's fascinating stuff. And it really changes how you look at those data breach notifications, doesn't it? It sure does. Next time you hear about a major breach where the data doesn't show up for sale, you might wonder, is this just another theft or is it part of something bigger? A silent
war fought with bits and bytes instead of bullets. And to think, most of us are blissfully unaware of this digital battlefield. It's both fascinating and unsettling. That's the world we live in now. Our personal information has become a commodity, not just for criminals, but for nations. It's a brave new digital world, and we're all just trying to navigate it as best we can.
The key is to stay informed, stay vigilant, and remember that in the digital age, your data is more valuable than you might think. Not just to you, but to forces you might never see or hear about. Well, on that note, I think we've given our listeners plenty to think about. Any final thoughts before we wrap up? Just this, as we move forward in this increasingly digital world.
It's crucial that we all take responsibility for our own cybersecurity, but we also need to hold companies and governments accountable for protecting our data. After all, in many cases, we don't have a choice about who holds our information. So let's stay informed, stay vigilant, and keep pushing for better security practices across the board. Wise words indeed. And with that, we'll bring this episode to a close.
Thanks for joining us on this deep dive into the world of data breaches and digital espionage. Until next time, stay safe out there, both in the real world and the digital one. And remember, in the world of data breaches, what you don't see might be more important than what you do.
Host (31:28.875)
Well, that wraps this up. Thank you for joining us. We hope you enjoyed our episode. The next one is coming right up. We appreciate you making this an award-winning podcast and downloading on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies, and we thank you for watching.
Host (00:00.256)
you
Host (00:16.342)
Join us as we go behind the scenes of today's most notorious cybercrime, translating cybersecurity into everyday language that's practical and easy to understand. appreciate you making this an award winning podcast by downloading our episodes on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies and now the show.
Host (00:55.32)
data breach? Well, when you read about data breaches in the news, your data almost immediately gets listed for sale on the dark web. The dark web operates just like the internet and is accessible through some special tools, but it has no filters, has no indexing, and it's completely anonymous. But on there, it operates just like a business. It looks very much like the regular internet that most of us are used to.
It has marketplaces kind of like Amazon, except for illegal things like guns, drugs, malware, like ransomware and yes, stolen data. So how much does your data sell for? The answer is it sells for a lot. For example, between 25 and $500 per record, depending on the type for online banking logins.
so I could literally go and buy and log into your bank just as you and have full access to your life savings, it's about 50 bucks to a hundred dollars. That's it. For full identity profiles, they're called FOLLS. They sell between a hundred dollars or more. For medical records, which can be used for a lot of things, they sell between 250 to $500 or more.
So when you hear about these data breaches in the news and there's hundreds of thousands or millions of records stolen, multiply that times the 50 to $500 per record set. And you have tens of millions of dollars for sale almost immediately right after a data breach. So now you know.
But here's a twist. What if I told you that some of the biggest data breaches in history worth hundreds of millions of dollars if that data gets sold on the dark web, never got sold at all. It was never placed for sale on the dark web. Why? Why would they go through all of that and then not capitalize on
Host (03:07.679)
As it turns out, these historic massive breaches worth hundreds of millions of dollars just sitting there for the click of a mouse to make that money.
Those sales of that stolen data never happened. Who would give up that massive payday, that yacht, that private island, never having to work again another day in their life? Who would choose not to do that when it's literally the click of a mouse? Why would they not do it? That's the subject of today's episode. This is the story.
of why not all cyber attacks are equal.
you
Host (04:00.313)
Data breaches, they are always in the news. But what do we really understand about them? Well, we hear about phishing emails, and we hear about social engineering, but what do we do? We roll our eyes. I mean, WE think we can spot them, but the data shows that we do not. Exactly, David. In fact,
New reports show that over 83 % of all breaches are caused by either social engineering or phishing. And that is insane. It gets worse. Did you know that an IBM report shows that threat actors have been inside your network on average for more than six months? Really? Yes, and during that time they are completely undetected. Undetected? Completely undetected. So what about the IT companies they hire?
What about all the tech systems and servers and cloud infrastructure they buy? All that money invested? Great question. Well, while IT support and network operations are needed, it still gives organizations zero visibility into a hacker hiding in plain sight inside their network. They remain undetected unless they engage specific security service.
Most organizations have zero visibility. Zero visibility into catching a bad guy when they are sitting there for over six months. That's a crazy long time. I know. So I got to ask why is that? Well, how do I say this? The answer can be a little complicated. So let me translate it. Please. There's a difference between IT support and security services.
IT support is needed to keep things humming along so an organization can be productive. But security operations do something totally different. They threat hunt. They search for network movement and evaluate the same technology, but in a different way. They use different software and systems to search for bad guys. An analogy someone told me once.
Host (06:20.438)
may help explain it. In a kitchen, if the dishwasher has a leak behind the counter, a slow leak, and over six months it does a ton of terrible damage, like causing mold and wood and drywall damage, what happens to the homeowner? They have to tear out the walls and cabinets. It's major, right? Right. That's because while people were cleaning the counters, putting up the dishes, cleaning the floors, and keeping things operational so we could enjoy the kitchen,
Nobody had special tools to search behind the appliances looking for errors or damages that were otherwise undetectable for six months. So that's why we say not all breaches are created equal. When someone detects things right away, they can plug the leak in minutes, not months. And there is no, or at least very little damage. Makes sense. So circling back around,
to actual breaches, what happens after one occurs? The bad guys steal the data and sell it for massive profits on the dark web, right? Exactly. Have you ever wondered why some of the most significant data breaches in history didn't lead to your personal information being sold on the dark web? Why did the stolen data from breaches like Anthem, Starwood, Marriott, the OPM breach, and the infamous Equifax breach
vanish into the ether, while other breaches see data auctioned off to the highest bidder. Let's talk about these four breaches since they all have one major thing in common. Oh, I remember some of them. I know about the Anthem breach. I live in Indianapolis and remember it. In 2015, Anthem, a titan in the health insurance realm, fell victim to a cyber attack that
compromised the personal information of nearly 80 million individuals. Names, social security numbers, birth dates, all the keys to one's identity were stolen. Yet curiously, this trove never surfaced on the dark web. Investigations pointed towards sophisticated state-sponsored actors, with fingers pointed at China. The motive? Not financial gain, but the quiet accumulation of data.
Host (08:44.311)
for intelligence purposes, weaving together profiles for future endeavors. The Anthem data breach occurred when hackers gained access to Anthem systems through a very simple attack, a phishing email. Think you can spot one and it's obvious? Think again. Hackers here were sending targeted emails to employees, which allowed them to infiltrate the network and steal sensitive personal information from millions of customers.
including names, dates of birth, addresses, and social security numbers. This breach is considered one of the largest healthcare data breaches in history. Hackers used spear phishing emails to target Anthem employees, tricking them into clicking malicious links or downloading malware, which gave them access to the company's network. The breach affected approximately 80 million current and former Anthem customers.
exposing sensitive personal information like names, social security numbers, and medical records. You all started freezing your credit too? Come on, man.
Host (10:14.345)
Excellent. Okay, tell me about the Marriott breach. What happened there? Well, there were several. The hospitality giant Marriott International discovered in 2018 that its subsidiary, Starwood, had been under siege since 2014. The breach affected approximately 500 million guests, exposing information ranging from contact details to passport numbers. Despite the scale, this data too remained absent.
from illicit markets. Analysts said the hackers were aiming to amass data on global travelers. The Starwood Marriott data breach was caused by multiple cyber attacks that exploited a variety of vulnerabilities, including outdated software, inadequate access controls, and a lack of multi-factor authentication. In 2014, a malicious actor compromised a Starwood web server
and installed malware on hundreds of systems across dozens of properties. The attacker gained access to administrative credentials and remained active for over four years. Wait, what? Over four years? Over four freaking years. Holy crap. After the 2014 breach, there was another one in 2015. In that year, Starwood disclosed a 14-month data breach that occurred after announcing
its acquisition by Marriott. Then again in 2022, a hacking group used social engineering, phishing and phone calls to steal passwords and access Marriott's internal systems. The hackers stole 20 gigabytes of customer data, including personal information and credit card numbers. Holy cow, that is a lot of issues for one company. Yep.
The attackers used a remote access Trojan (RAT) and an open source tool called Mimikatz. The RAT allowed the attacker to remotely access a computer while Mimikatz searched a system's memory for user credentials. Why did it happen? Experts say that Marriott's failure to implement
Host (12:30.443)
reasonable data security led to three large data breaches that impacted more than 344 million customers worldwide. The company agreed to a settlement with the FTC and was required to implement a robust information security program. So what happened in the OPM breach and what does OPM stand for again? The Office of Personnel Management (OPM) breach in 2015 was a direct assault
on the US government's human resources department. Sensitive information of over 21 million current and former federal employees, including detailed security clearance forms, was exfiltrated. This breach was a jackpot for foreign intelligence, providing insights into the personal lives of those with access to national secrets. Third-party contractors working with OPM contributed to the weak security controls.
The breach involved multiple hackers, including one who used a contractor's credentials to install malware and create a backdoor to the network. The hackers stole sensitive information such as names, birth dates, addresses, and social security numbers. The OPM data breach occurred primarily due to poor cybersecurity practices
within the Office of Personnel Management, including inadequate network security, lack of multi-factor authentication, and failure to properly address security vulnerabilities, which allowed hackers to gain access to sensitive employee data, like social security numbers, through compromised credentials, likely obtained through social engineering tactics, and then install malware to exfiltrate large amounts of information from the system.
That's a lot of data and healthcare records to boot. That fetches a high dollar amount on the dark web. Yep. Okay. We will get to that in just a second because it's quite shocking actually. So let's jump into and explore the Equifax breach. I can explain this one. If that's okay. Please do. So everyone here in the US has a FICO score and Equifax is one of the three major credit bureaus that keep track of all your spending. All of it to give you that FICO score.
Host (14:56.587)
So they held everything, all credit card charges, all utility bills, mortgages, car payments, everything. Yep, exactly. In 2017, Equifax, one of the major credit reporting agencies, suffered a breach that exposed the personal information of 147 million people. Given the nature of the data, social security numbers, birth dates, addresses, one would expect it to flood dark web marketplaces. Yet it remained conspicuously absent.
The US Department of Justice later indicted four members of China's military for the hack, suggesting the intent was to gather economic intelligence rather than immediate financial exploitation. The Equifax data breach occurred primarily because the company failed to install a critical security patch on its Apache Struts software, which allowed hackers to gain access to their systems and steal sensitive consumer data like names, social security numbers, and credit card details. This vulnerability was known to Equifax,
but they did not apply the necessary patch in a timely manner, leaving a significant security gap that attackers exploited. Great explanation. Yep, exactly. The primary cause was a known vulnerability in the Apache Struts software that Equifax used, which they were notified about and should have patched, but did not. And a key fact here is the delay in detection.
Remember how we mentioned hackers are inside networks for over six months on average, completely undetected. Yep. Did that happen here? Yep. Despite the breach occurring in May, 2017, Equifax didn't discover it until July, 2017, allowing hackers to access sensitive data for a prolonged period. Here they were inside their systems undetected. Exactly.
The breach affected millions of consumers, exposing personal information like names, addresses, dates of birth and social security numbers. There were also alleged criminal actions by the executive leadership team in how they handled the breach, and the CEO later was forced to resign. Yep, it was a shit show. They are the poster child for what not to do in preparing for and handling a data breach. So I have to ask,
Host (17:16.749)
how much did all these breaches go for on the dark web when the hackers sold the treasure trove of data they stole in these four major breaches? How much did it go for? Yep. Like, don't medical records sell for a higher amount and other records less? So there are some general ranges. Exactly. Generally, health care records sell for around $202 per set, in that range.
Other record sets go for between $75 and $250 on many of the dark web marketplaces or ransomware and leak sites. I'm getting my calculator out. We are going to do some math, are we? You know it. Okay. And? And these would have sold for hundreds of millions of dollars online. So what was the amount? Curious minds demand to know. Glad you asked. And?
Well, you want the answer. Yes. The answer is zero. Wait, what? I don't understand. Imagine if the stolen information never hits the dark web. Today, we're diving into a digital underworld where your data might be more valuable to spies than criminals. Hmm. What exactly are we talking about here? Well, we're exploring why not all data breaches are created equal.
It's a fascinating subject that touches on cyber security, international espionage, and the dark underbelly of the internet. You know, some of the biggest data breaches in recent history didn't result in our personal information being sold on the dark web. It's counterintuitive, isn't it? That's certainly surprising. You'd think with all that valuable data, cyber criminals would be having a field day. But you're saying that's not always the case? Exactly.
Let's start with the Anthem breach back in 2015. It was massive. Nearly 80 million people had their personal information stolen. We're talking everything from names and social security numbers to birth dates. But here's the kicker. None of that information ever showed up for sale on the dark web. So what happened to all that data? It didn't just vanish into thin air, right? You're right. It didn't.
Host (19:38.315)
Investigations pointed towards sophisticated state-sponsored actors, with China being the prime suspect. The theory is that they weren't after quick financial gain. Instead, they were quietly building profiles for future intelligence operations. So you're saying this wasn't about making a quick buck, but more about long-term strategic goals? Precisely. And it's not just Anthem. Remember the Starwood
Marriott breach in 2018. That affected about 500 million guests. Everything from contact details to passport numbers was exposed, but again, none of it showed up on the dark web markets. Let me guess, another case of state-sponsored hacking? You've got it. Analysts believe the hackers were more interested in gathering data on global travelers. It's all about building those comprehensive profiles.
But here's where it gets even more interesting. The Starwood Marriott breach wasn't just a one-time thing. The attackers had been in their systems since 2014, and it wasn't discovered until 2018. Four years of undetected access? That's terrifying. How does that even happen? Well, it often comes down to sophisticated tactics and poor security practices.
In the Starwood case, the attackers used a remote access trojan and tools to search for user credentials in the system's memory. They're not just breaking in, they're setting up shop and making themselves at home in these networks. So it's like they're squatting in these systems, quietly gathering data for years. But surely someone must have noticed something was off? You'd think so, but these attackers are incredibly skilled at covering their tracks.
and it's not always high tech either. In the Anthem breach, it all started with a simple phishing email. An employee clicked on a malicious link and that was all it took to start the breach. That really highlights how important cybersecurity training is for employees. But what about the companies themselves? Surely they bear some responsibility? Absolutely. Take Equifax, for example.
Host (21:59.994)
Their 2017 breach exposed the personal information of 147 million people and it all came down to a failure to install a critical security patch. They knew about the vulnerability in their Apache Struts software but didn't apply the patch in time. That's incredibly frustrating. It's one thing when it's a sophisticated state sponsored attack but to leave the door wide open like that. It's almost negligent.
It's a stark reminder of how important basic security practices are. But here's where it gets even more interesting. Even though this was clearly a case of negligence, the stolen Equifax data didn't end up for sale either. The U.S. Department of Justice later indicted four members of China's military for the hack. So we're seeing a pattern here. These massive breaches, often due to simple mistakes or oversights,
are being exploited not by common criminals, but by state actors. It's like there's this whole shadow war going on that most of us never see. That's a great way to put it. And it's not just China. These state-sponsored attacks are coming from various countries, all vying for information and strategic advantage. But let's talk about another significant breach, the Office of Personnel Management, OPM.
hack in 2015. Hmm. I remember hearing about that one. Wasn't that a direct hit on the U.S. government? Exactly. It was a direct assault on the U.S. government's human resources department. Over 21 million current and former federal employees had their information stolen, including detailed security clearance forms. This wasn't just a data breach. It was a national security nightmare.
And let me guess, the data never showed up for sale? You've got it. Because for foreign intelligence agencies, that kind of information is priceless. It gives them insights into the personal lives of people with access to national secrets. It's like they're building a playbook for future espionage operations. This is all sounding very cloak and dagger, but not all breaches are like this, right?
Host (24:26.389)
I mean, we do see stolen data for sale sometimes. Absolutely. Take the AT&T breach in 2024. Personal information of over 70 million customers was leaked and promptly appeared on the dark web, available to the highest bidder. In that case, it was all about the money. It's a stark contrast to these state-sponsored attacks. So how much does this kind of data actually sell for on the dark web? Well,
According to some reports, stolen data can sell for anywhere between $75 to $250 per person's data set. Now, if you do the math on these massive breaches, we've been discussing Anthem, Marriott, OPM, and Equifax. You're looking at potential dark web sales in the billions of dollars. That's if it was being sold, which it wasn't. Those are staggering numbers.
It really puts into perspective why companies and governments are such tempting targets. But let's circle back to detection for a moment. How are these breaches eventually discovered? That's a great question. In many cases, it's not until long after the initial breach. For example, in the Equifax case, the breach occurred in May 2017, but it wasn't discovered until July of that year. That's two months of undetected access.
And remember, with Marriott, it was four years. So what can companies do to improve their detection capabilities? There are several strategies. Implementing robust network monitoring systems, regularly conducting security audits, and using artificial intelligence and machine learning to detect anomalous behavior are all crucial. But perhaps most importantly,
companies need to foster a culture of security awareness among their employees. Speaking of employees, you mentioned earlier that the Anthem breach started with a phishing email. How common is that as an entry point for these attacks? It's incredibly common. In fact, phishing remains one of the most effective ways for hackers to gain initial access to a system. In the Anthem case, hackers sent targeted
Host (26:50.427)
emails to employees, tricking them into clicking malicious links or downloading malware. This gave them a foothold in the network from which they could expand their access. Well, that's certainly eye-opening. But what about the aftermath? Are there consequences for these companies when they fail to protect our data? Absolutely. Take Anthem, for example. They ended up settling with the Department of Health and Human Services
for 16 million, the largest HIPAA settlement in history at that time. They also faced about 100 private class action lawsuits. Equifax too faced massive fallout. They agreed to pay up to $700 million to settle federal and state investigations. Those are some hefty fines. But what about the state-sponsored hackers? Are they ever brought to justice? It's rare, but it does happen.
In the Equifax case, the US Department of Justice indicted four members of China's military. For the OPM breach, a Chinese national named Yu Pingan was arrested for providing the malware used in the attack. He ended up pleading guilty and was deported back to China. It sounds like a game of international cat and mouse, but let's bring this back to the individual level. What can we,
as regular people do to protect ourselves? That's the million dollar question. While we can't control how companies handle our data, we can take steps to minimize our risk using strong, unique passwords for each account, enabling two-factor authentication, and being cautious about the information we share online are all good starts. But perhaps most importantly, we need to stay informed and vigilant.
And I suppose being aware of these different types of breaches helps us understand the potential risks better. Absolutely. Knowledge is power. Understanding that not all breaches are equal, that sometimes our data might be in the hands of state actors rather than cyber criminals, can help us make more informed decisions about our digital lives.
Host (29:10.825)
It also underscores the importance of pressuring companies and governments to take cybersecurity seriously. It's a lot to take in, but it's fascinating stuff. And it really changes how you look at those data breach notifications, doesn't it? It sure does. Next time you hear about a major breach where the data doesn't show up for sale, you might wonder, is this just another theft or is it part of something bigger? A silent
war fought with bits and bytes instead of bullets. And to think, most of us are blissfully unaware of this digital battlefield. It's both fascinating and unsettling. That's the world we live in now. Our personal information has become a commodity, not just for criminals, but for nations. It's a brave new digital world and we're all just trying to navigate it as best we can.
The key is to stay informed, stay vigilant, and remember that in the digital age, your data is more valuable than you might think. Not just to you, but to forces you might never see or hear about. Well, on that note, I think we've given our listeners plenty to think about. Any final thoughts before we wrap up? Just this, as we move forward in this increasingly digital world.
It's crucial that we all take responsibility for our own cybersecurity, but we also need to hold companies and governments accountable for protecting our data. After all, in many cases, we don't have a choice about who holds our information. So let's stay informed, stay vigilant, and keep pushing for better security practices across the board. Wise words indeed. And with that, we'll bring this episode to a close.
Thanks for joining us on this deep dive into the world of data breaches and digital espionage. Until next time, stay safe out there, both in the real world and the digital one. And remember, in the world of data breaches, what you don't see might be more important than what you do.
Host (31:28.875)
Well that wraps this up. Thank you for joining us. We hope you enjoyed our episode. The next one is coming right up. We appreciate you making this an award winning podcast and downloading on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies and we thank you for watching.