Defense agencies top list of U.S. government with stolen data on darknet

Close up of laptop computer at OWL Cybersecurities — Vince Chandler, The Denver Post
OWL Cybersecurity in Denver built a searchable database that constantly scrapes the dark web where illegal data is shared and sold from credit card numbers and health records to child pornography, drugs and weapons.

By Tamara Chuang | The Denver Post

PUBLISHED: August 8, 2017 at 6:11 PM MDT

Getting your player ready...

OWL Cybersecurity

Read the OWL Cybersecurity Darknet Index: U.S. Government edition

U.S. defense agencies ranked higher than non-defense agencies for the amount of stolen data available in the online underworld where cyber criminals often hawk stolen credit cards, according to a .

From employee passwords to intellectual property, the amount of compromised data surprised Owl cyber sleuths . Data linked to the U.S. Navy, U.S. Army and Department of Defense had the three largest footprints on the darknet, though they were smaller than those of some major corporations scored in an earlier study.

“It wasn’t a surprise that it was out there. But what was surprising was the volume of data out there. It was also surprising that defense (agencies) had the highest amount,” said Andrew Lewman, Owl’s vice president who previously worked as executive director the Tor Project. “They’re very good at protecting our shores. … But they’re not so great about protecting their credentials.”

In many cases, defense workers reused work email addresses and passwords across military and personal accounts, like Pinterest, he said.

Owl Cybersecurity tracks how much stolen data is being sold in the darknet. For federal agencies, defense departments had the highest “Darknet Index Score” which includes frequency, amount and a proprietary “Hackishness” rating to determine that agency’s compromised footprint. In the past 90 days, Owl found data from 59 federal agencies on the darknet. Here are the top 10 and their Darknet score:

United States Navy, 16.59
United States Army 16.02
Department of Defense (aggregate) 15.12
Department of Justice (aggregate) 15.09
Department of Homeland Security 14.93
United States Marine Corps 14.47
National Aeronautics and Space Administration 13.60
Internal Revenue Service 13.31
Department of Veterans Affairs 13.09
Department of State 12.66

Source: Owl Cybersecurity

The U.S. Navy has not responded to a request for comment.

Owl, which helps customers secure their systems, said that it shared the results with the government agencies before the report became public on Tuesday. Some agencies expressed interest in learning more, he said.

Overall, 59 U.S. government agencies had compromised data on the darknet. By comparison, non-defense units like the Office of Personnel Management ranked at number 27. The same office had a , when 21.5 million current and former federal government workers learned that were stolen.

And in an earlier , Amazon topped the list with a “Darknet Index Score” of 19.16. That score tallies up total compromised data, its frequency and a proprietary “Hackishness” rating. Amazon also outscored the U.S. Navy, which had a score of 16.59.

To protect your own data, Lewman said sign up for credit monitoring if your data was compromised. And don’t use the same password for everything — use a password manager to create longer, complicated passwords.

“The enemy only needs one way in and they’ll take whatever they can get,” Lewman said.

��ap

More in Technology

Sports betting is changing the game for Colorado’s fans and athletes as big money adds new pressures

Colorado’s gamble on sports betting

How sports betting became Colorado’s ticket to funding $140 million in water conservation projects

Sports betting threatens to be Colorado’s ‘next big public health crisis’ if addiction isn’t addressed

����ap

Share this:

RevContent Feed

More in Technology

��ap