By Kondjeni Ndakeva and Leake Ileka
You wake up one morning, check your email, and see a notification that your bank account has been accessed from a foreign country.
You scramble to check your transactions, only to realise that money has already been transferred out. How did this happen?
The truth is, your data may have been stolen long before you noticed, sold to the highest bidder in the hidden corners of the internet.
In Namibia, while cyberattacks have become an increasingly concerning threat, many individuals and organizations remain unaware of the processes and implications that follow once their sensitive information has been compromised.
Understanding what happens to breached data is essential to grasp the full extent of the risks posed by such incidents.
This article explores the life cycle of stolen data, shedding light on the dark world of cybercrime and the number one step individuals can take to protect themselves.
Reasons Behind Data Stealing
The most popular and most obvious reason is financial gain. According to a Verizon Data Breach Investigations Report (2023), approximately 95% of cyberattacks are financially motivated.
However, hackers are not always after money. Some seek fame and recognition, while others view hacking as a sport. Disgruntled ex-employees have also been known to engage in cybercrime for revenge.
How Stolen Data is Used
After a data breach, stolen information often finds its way to the dark web. The dark web is a concealed part of the internet not accessible through standard browsers.
Cybercriminals transact stolen data on the dark web using cryptocurrencies, such as Bitcoin, to maintain anonymity during these illicit exchanges. The buyers then exploit this information for various malicious activities, such as identity theft, unauthorized financial transactions, or further cyberattacks.
The following are some of the key criminal activities facilitated by the exploitation of stolen data:
1. Identity theft and financial fraud: Your personal information can be used by sophisticated criminals who trade on the dark web and are involved in the business of selling fake identification documents and passports. Leaked information or data can be used by online romance scammers to create catfish accounts on social media platforms and dating apps to trick vulnerable people into giving them money.
Identity theft can lead to some financial losses as follows:
● Loan and credit applications: Hackers can use your identity to apply for loans, credit cards etc.
● Payment card Information: Stolen card details can result in immediate transfers or online purchases from online shops.
2. Password Cracking: Cybercriminals can use a cracking mechanism called brute force to crack passwords. Since the hackers have access to your email and usernames, they can use this method to crack passwords to other platforms you have signed up for by guessing your passwords using multiple passwords at their disposal.
3. Phishing and Business Email Compromise (BEC) Scams:
● Phishing refers to a deceptive tactic used by attackers to steal sensitive personal information, such as passwords or financial details, by posing as legitimate entities. In Namibia, this might involve receiving fake emails from what appear to be local banks, government agencies, or trusted service providers.
● BEC, on the other hand, is a sophisticated scam where attackers gain access to an email account and impersonate a trusted executive or business partner. They use this false identity to deceive employees into authorizing fraudulent electronic fund transfers.
4. Blackmail and extortion: Anyone who has access to your cloud platforms such as email accounts and data storage platforms like iCloud, Google Drive etc. can have access to your private photos and videos, which they can use to blackmail you into giving them money. Your private and personal information like email address, location, photos and phone messages can be shared on the internet exposing you to the risk of harassment and threats.
5. Intellectual Property (IP) Theft: Cybercriminals infiltrate databases to steal valuable intellectual property, including trade secrets, patents, and proprietary information.
This stolen IP is often used for reverse engineering or sold to competitors, potentially disrupting market dynamics and causing significant economic harm to the original owners. The theft of IP can undermine innovation and competitiveness, as it allows unauthorized parties to exploit sensitive information for their own gain.
Regularly Change Your Passwords
One of the most effective and accessible strategies for individuals is to regularly update passwords and log-in information associated with online accounts and emails. This practice significantly reduces the risk of password cracking and unauthorized access to sensitive information.
Use Two Factor Authentications or Multi-factor Authentication mechanisms, this prevents anyone who has access to your password from logging into your accounts as there is a need of double authentication by means of third-party authentication apps or an SMS to your cellphone number.
A notable example underscoring the importance of robust password management is the Canva data breach in May 2019. Hackers exploited vulnerabilities in Canva’s systems, compromising approximately 137 million user accounts worldwide. The data breach exposed email addresses, usernames, names, cities of residence, and passwords.
In response, Canva took immediate action to secure user accounts by resetting passwords and enhancing its security infrastructure. Canva also urged users to change their passwords, especially if they used the same credentials on other platforms.
This proactive approach not only mitigated potential damage but also set a precedent for robust cybersecurity measures in the face of evolving threats.
Conclusion
Not all cyberattacks can be stopped, but we can play a major role in preventing becoming easy targets of cybercrimes once our data is stolen. While no method is foolproof, proactively and regularly changing passwords and using a multi-factor authentication mechanism is a straightforward yet powerful tool in the fight against cyber threats.
It is time for organizations and individuals to strictly lock down their data and prevent unwanted and unauthorized access to their data. Protecting information is a shared responsibility among individuals and organizations.
With the heightened cyberattacks on Namibia cyberspace, we can only be vigilant and apply the most stringent ways to protect ourselves.
*Kondjeni Ndakeva is a Data Scientist, Software Developer and Database Administrator with a master’s degree in data science. He is passionate about leveraging data to drive impactful decisions and enhance democratic accountability in Namibia.
*Leake Ileka is a Chevening Alumnus and 2024 graduate of Bournemouth University, England, where he completed his Master’s in Intellectual Property Law.
