THE BITGLASS “WHERE’S YOUR DATA?” EXPERIMENTWho’s Keeping tabs on your data?BITGLASS REPORT

Visibility into where sensitive data is travelling has neverbeen so crucial. With breaches like Target, Home Depot,JP Morgan, Sony and Anthem - the ability to track datais a necessity.

Today, the majority of breaches stem from malware andhacks, which make up 53% of all breaches. Shockingly,it takes 205 days before the average breach is finallyrecognized and snuffed out. Given this ability for cybercriminals to stay one step ahead of IT heroes, it’s only amatter of time until the next newsworthy breach hits themainstream headlines (Premera, anyone?).

Did you ever wonder what happens to all of thatsensitive data once it is actually stolen? Does it simply siton a hacker’s device collecting digital dust, is it sharedwith friends, or is it sold off on the black market to thehighest Bitcoin bidder? In January 2015, Bitglass set forthon a mission to answer the question, “where is your data?”

The challenge? Daunting. The findings? Fascinating.

Avg. days to discover breach

The Bitglass “Where’s Your Data?” Experiment

The Story

53%

205

OF BREACHESSTEM FROMMALWARE& HACKS

Page 2© 2015 BITGLASS, INC.

Whether files are downloadedfrom your email provider or sentas an attachment, Bitglass allowsenterprises to watermark their fileswith a unique fingerprint thatidentifies who downloaded thefile, from what device and whenthe transaction occurred. Oncewatermarked, the Bitglassservice is notified every time thatfile is accessed, allowing you totrack corporate data anywhereit goes. The watermark persistseven if sections of the documentare copied over to anotherdocument. All tracking data canbe viewed via the Bitglasscustomer portal.

?

?

ALLOWS ENTERPRISES TO MAINTAIN

CONTROL & VISIBILITY

WHAT IS THE “DARKWEB”?

Bitglass’ data tracking and watermarking technologies allowenterprises to track their data anywhere it goes. Key foundationaltechnology in-hand, we conducted the world’s first data trackingexperiment in the Dark Web, using common hacker techniques totarget our unsuspecting criminal victims.

Bitglass’ security research team wrote a tool to generate severalthousand very real looking names, social security numbers, credit cardnumbers, addresses, phone numbers, and more. We saved this data toan Excel spreadsheet, creating versions with different names to findwhich was the best criminal click bait. This was world’s first A/B test forstolen credit card numbers on the Dark Web.

The files were downloaded through the Bitglass proxy service, where aunique watermark was applied to each copy, ensuring that from thatpoint forward, it would call back to Bitglass each time the data wasviewed and/or downloaded.

The next step? Finding takers (and it turns outthere were plenty). We used a common hackertactic called “phishing” to entice criminals intotaking the bait. To do that, we went wherethey hang out - the Dark Web.

The Dark Web is a part of the web not indexed by Google and otherpopular search engines and estimated to be about 500 times largerthan the normal Internet. Getting to and using the Dark Web requiresa new set of tools, but your primary weapon is ToR and a ToR browser,cyber criminals’ system du jour for anonymity online.

The Bitglass “Where’s Your Data?” Experiment

© 2015 BITGLASS, INC. Page 3

The TECHNOLOGY

BEHIND THE SCENES

The speed at which the bait was taken was staggering. Inthe first few days, the data had reached over 5 countries, 3continents and was viewed over 200 times... by 12 days ithad received over 1,081 clicks, and had spread across theglobe to 22 different countries, in 5 different continents. Bythe end of the experiment the fake document of employeedata had made its way to North America, South America,Asia, Europe, and Africa.

Countries frequently associated with cyber criminal activity,including Russia, China and Brazil, were the most commonaccess points for the identity data. Additionally, time,location, and IP address analysis uncovered a high rate ofactivity amongst two groups of similar viewers, indicating thepossibility of two cyber crime syndicates, one operatingwithin Nigeria and the other in Russia.

Once sensitive data hasbeen stolen, there is no limit tohow far that data will travel,and how many differentpeople will get their virtualhands on it. Although the levelof access after just 12 dayswas extraordinary; imaginehow much further the datawould spread in 205 days, theaverage time it takes forenterprises to detect acorporate data breach.

But there is a light at the endot the tunnel. Even thoughbreaches are inevitable, thereare still ways of limiting thedamage that comes as aresult of them. The key is beingable to track and identifydata as it leaves yournetwork. Because without this,there is no telling who hasaccess to your data, or whatthey plan to do with it...

IMPLICATIONSFOR THE PUBLIC

COUNTRIES

CONTINENTS

1. US

2. Belgium

3. Brazil

4. Nigeria

5. Hong Kong

6. Spain

7. Germany

8. United Kingdom

9. France

10. Sweden

11. Finland

12. Maldives

13. New Zealand

14. Norway

15. Russian Federation

16. Netherlands

17. Czech Republic

18. Denmark

19. Italy

20. Canada

21. Turkey

22. Luxembourg

1. NORTH AMERICA

2. ASIA

3. EUROPE

4. AFRICA

5. SOUTH AMERICA

The fake Data Travelled to22 Different Countries and

5 of the world’s 7 Continents

The Bitglass “Where’s Your Data?” Experiment

© 2015 BITGLASS, INC. Page 4

THE FINDINGS

The Bitglass “Where’s Your Data?” Experiment

© 2015 BITGLASS, INC. Page 5

DATA BREACH DISCOVERY

LIMIT THE DAMAGE

ABOUT BITGLASS

Using proprietary threat intelligence and big data technologies, Bitglass Data Breach Discovery analyzes yourfirewall logs to identify suspect traffic in outbound data flows.Traffic leaving your network for suspect destinations isautomatically subject to deep inspection and assigned riskscores.

Bitglass Data Breach Discovery is available as a monthlysubscription service. No software to install - simply sign up forBitglass and upload your firewall log files to get analytics andreports on data breach risk in your organization.

In a world of applications and mobiledevices, IT must secure data that resides onthird-party servers and travels over third-partynetworks to employee-owned mobiledevices. Existing security technologies aresimply not suited to solving this task, sincethey are developed to secure the corporatenetwork perimeter. Bitglass is a Cloud AccessSecurity Broker that delivers innovativetechnologies that transcend the networkperimeter to deliver total data protection forthe enterprise - in the cloud, on mobiledevices and anywhere on the internet.

Bitglass was founded in 2013 by a team ofindustry veterans with a proven track recordof innovation and execution. Bitglass is basedin Silicon Valley and backed by venturecapital from NEA, Norwest and Singtel Innov8.

For more information, visitwww.bitglass.com

Phone: (408) 337-0190Email: info@bitglass.com

/bitglass

/bitglassinc

/+Bitglass

/bitglass-inc

from misuse& shadowIT

4%stem from

errors

17%

are from lost devices26%

malware & hackers53%

*California AG Breach Report 2014