An Australian IT security firm has promised to alert clients to their stolen private information being found on the internet almost as quickly as it is posted.
With the number of data breaches increasing, the company also says it will try to remove stolen data from public view using a number of different means.
Pure Hacking, the security firm behind the new service, believes it is the first in the world to offer such a product.
It created the service, nicknamed Black Ops, after one of its financial services clients expressed concern about their confidential information being published on the internet and being used against them and their customers.
The technology behind the service searches not only the surface web for stolen data, such as account details, credit card details and sensitive documents, but also other parts not indexed by Google.
"I think that Google would only be able to index potentially about 10 per cent of the content available out on the internet," said Pure Hacking chief operating officer David Muscat.
Black Ops, which has been almost 18 months in the making, is able to go much deeper, indexing data sources not seen by Google, he said.
"I am quite confident that we'd be covering about ... 60 to 70 per cent plus of the content that's out there so far. We're trying to bump that figure up by continuous development."
James Turner, a security analyst at IBRS, said as data breaches grew there would be a need for something like Black Ops.
"I think there's definitely going to be an ongoing and probably an increasing need for people to find more ways of identifying whether they've had a data breach or not," he said.
"The interesting thing about this particular service is that it's not going to prevent a breach, but it's going to help you deal with one when you've identified that you've had one."
Whether companies would adopt the service depended on the "risk maturity and the appetite of the organisation and that understanding of what else can they do to protect their confidential and sensitive information", he said.
The technology works primarily by having logins to underground hacker forums, which are often used to post and sell stolen information. It also trawls Internet Relay Chat (IRC) channels used by hackers and any other sources requested by clients.
"I don't think it will entirely solve the problem of data breaches [but] I think it will help our clients [to] be a bit more aware when there are data breaches, so it can help them with the impact of those breaches," Muscat said.
However, the service is not a substitute for lack of security.
"If a site is vulnerable to a hack then it's not going to stop a website from being hacked and data [being] extracted ... and published out there [online]."
The service attempts to remove stolen data by contacting the abuse teams of websites or the site operator and requesting a take down.
=Muscat said sites often had rules banning the publication of stolen information, which helped with getting content removed.
"That's not always going to be 100 per cent effective, as you could imagine," he said. "Our requests could be blatantly ignored ... We concede the fact that the content is not always going to be removed and even if it were to be removed from one particular site there's nothing to stop either the site operator or the person who published the content from replicating it on a million other sites at the same time. [But] our service does constantly run away in the background. So if it does start appearing on other sites or other forums or anything of that nature we will pick it up."
He said some site operators claimed they were "unaware" of data being published on their site and removed it.
Pure Hacking's service costs about $2500 per month.
- FFX Aus