Bot markets are used by hackers to sell stolen data from victims’ devices with bot malware.
The study by NordVPN, of Lithuania’s Nord Security, said the stolen data included user logins, cookies, digital fingerprints, screenshots and other information, with the average price for the digital identity of a person pegged at 490 Indian rupees($5.95).
NordVPN tracked data for the past four years, ever since bot markets were launched in 2018.
India has been dealing with cyber security concerns for a while. As recently as last month, multiple servers of the All India Institute of Medical Sciences (AIIMS), a federal government hospital that caters to ministers, politicians and the general public, were infected on Nov. 23, a senior police official told Reuters.
A week after the ransomware attack on AIIMS, the Indian Council of Medical Research (ICMR) faced around 6,000 hacking attempts within 24 hours on November 30, Times of India reported.
Indian cybersecurity rules have tightened only earlier this year, with the Indian Computer Emergency Response Team (CERT) requiring tech companies to report data breaches within six hours of noticing such incidents and to maintain IT and communications logs for six months.
NordVPN’s study looked into three major bot markets – the Genesis market, the Russian Market, and 2Easy – and found stolen logins including those from Google, Microsoft and Facebook accounts.
“What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place,” said Marijus Briedis, chief technology officer at NordVPN.
“And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot.”
Researchers of NordVPN found 667 million cookies, 81,000 digital fingerprints, 538,000 auto-fill forms, numerous device screenshots, and webcam snaps in their study.