Most of us won’t know we’ve been hacked until we start getting the concerned phone calls from the bank.
Others will know because their computer has started acting up, while in extreme cases your computer might become infected with ransomware, locking your entire hard drive behind a paywall which you’ll need to pay.
For many though a hack will take place and they won’t even know it’s happened, begging the question: what do hackers actually do with the information they steal, and what do they steal?
University College London student Jeremiah Onaolapo and colleagues Enrico Mariconti and Gianluca Stringhini decided to find out exactly what happens when cybercriminals look to take control of a person’s email account.
As part of their study they created 100 ‘honey’ email accounts - fake emails which would have poor password protection (e.g. ‘123’, ‘password’, ‘name1989’) and within which they would populate with tantalising information.
The team then leaked the accounts through a variety of mediums and then waited to see what would happen.
Within just 25 days the accounts were accessed by users who were not the owner of the account.
Almost all of the cybercriminals that accessed those accounts were searching for specific words including:
- Results
- Bitcoin
- Family
- Seller
- Localbitcoins
- Account
- Payment
- Below
- Listed
- Transfer
Hackers will then access the account several times to monitor how active it is, each time searching for the same words.
Depending on their final goal they’ll then either sell the information they find onto larger, more sophisticated hacking groups or try and steal as much as they can in a ‘smash and grab’.
What the research team then found was the level of sophistication by each type of hacker.
For example, if the hacker had gained access to your email account via malware (a computer virus), then the likelihood is that they will hide their location by using the dark web service Tor, they’ll then look for personal information, and either sell it or move on.
Hackers that found the email logins through leak websites are often more careless, they’ll look for bank details and actually try and login close to your location in a bid to trick your email account into thinking it’s you.
Finally, attackers who accessed the accounts from underground forums made little or no attempts to stay stealthy, often resulting in detection by the account holder themselves.
The team have made all their findings publicly available in the hope that other researchers can expand on their own work.