White-Hat Malware
Published 04/29/2015
By Chris Hines, Product Marketing Manager, Bitglass
As many of you know, we recently released the results of the first ever data tracking experiment in the Dark Web. In the “Where’s Your Data?“ experiment, we used our patent-pending watermarking technology to embed invisible trackers within an excel spreadsheet of 1,568 fakes names, SSNs and credit card numbers. We then placed this spreadsheet in 8 locations within the Dark Web, and tracked where it travelled to and how fast it could spread. 12 days, 1,100 clicks, 47 downloads, 22 countries and 5 continents later we had our answer. In speaking with a few attendees at the RSA conference, it became clear that some folks viewed the experiment as malware (a typical response from some of security’s more apprehensive bunch). A typical question was, “so you essentially used malware against them?” I thought it was pretty funny, laughing as I explained more about the experiment to them, because they did have a fair point. If you really think about it, the watermark can be considered “malware-esque.” In actuality, it's a tool built to provide enterprises with visibility into where corporate data is travelling, so that they can act accordingly. Embedding hidden sprinkles within documents, and then extracting data as a result of it (in this case user, device type, location, time) does strike an uncanny resemblance though. I guess you can call it white-hat hacking. Today’s security world reminds me of the classic fantasy tales, where it seems like the bad guys always have the better gear (think Star Wars, Lord of The Rings, Fast and the Furious 7). Way cooler, way faster, way stronger, but the good guys always prevail. This watermark technology helps even the playing field a bit, giving the good guys a pretty badass weapon to fight back against the hackers and cyber criminals. And you know what? The industry deserves this. Too long have companies feared moving to the cloud. Too long have breaches gone unnoticed, affecting millions of customers in the process. It’s not fair to the people whose data has been lost. Today 53% of breaches are the result of malware. It’s about time we start shrinking that number considerably. As securers our job is to be a modern day blacksmith, forging technology that enterprises can use to protect themselves from the crooks. Happy to be working for a company that gets that.