Identity Theft Prevention
- Do you collect any of identity data?
- How Is This Different Than Normal Identity Monitoring?
- What identity data is protected?
- How is identity data protected?
- What cryptocurrency wallets are protected?
Do you collect any of identity data?
The short answer is no, we do not.
The longer answer, is, no we do not, but in two different ways:
First, we never transmit passwords, cookies, oauth tokens, or anything else that would be considered identity data to our Cyber Crucible servers. That is true whether the server is customer-hosted, or Cyber Crucible hosted.
Second, we learned to conduct behavioral analysis of identity information, without actually processing identity information. That means that our analytics are not actually processing or exposing sensitive data such as actual passwords, session tokens, etc.
How Is This Different Than Normal Identity Monitoring?
Cyber Crucible’s digital identity theft capability is proactive and preventative. It is preventing access to the information needed to conduct blackmail, extortion, and modern identity theft operations.
Traditional identity theft protection deals with passwords and other data in fraudsters' hands, and monitoring for things like fraudulent credit card usage, taking out fraudulent loans, or passwords eventually being found in data breaches. This is very reactive, and is difficult for customers to manage in their daily lives. It also opens the opportunity, which Cyber Crucible has observed, to blackmail individuals, and even coerce employees and executives into assisting the attackers to helping attack their employers.
There is a concerted effort by attackers to go after cookies, logins, messaging platforms, and other forms of authentication and private data to enable their attacks.
Cyber Crucible’s identity theft focused analytics prevent that, in a manner which provides authoritative behavioral decision making without user involvement, against modern extortion tactics and cybercriminal file-less attacks.
What identity data is protected?
Core Windows Operating System
NTDS (Active Directory)
Incubating feature that will continue to improve
VPN client credentials
usernames
passwords
key-based authentication
Web Browsers
cookies
refresh tokens (“remember me” authentication tokens)
oAuth tokens (session tokens, access tokens)
passwords
usernames
browser history
Collaboration & Messaging Applications
contacts
userrnames
chat histories
saved chat contents
saved chat attachments
private messaging encryption keys
passwords
oauth tokens (session tokens, access tokens, refresh tokens)
Crypto Wallets
wallet contents
transaction records
passwords
encryption keys
Gaming:
Incubating - currently only Steam
passwords
purchases
credentials
usernames
oAuth tokens (session tokens, access tokens, refresh tokens)
File Sharing:
Incubating - currently only FileZilla
passwords
purchases
credentials
usernames
key-based authentication
servers & server settings
How is identity data protected?
What cryptocurrency wallets are protected?
Coinomi
Armory (“Bitcoin Armory”)
Electrum
Exodus
Guarda