Weaponizing of the insider in the Dark Web, a dangerous phenomenon

Pierluigi Paganini February 01, 2017

A study revealed how hackers in the dark web are arming insiders with the tools and knowledge necessary to help steal corporate secrets.

The dark web is the right place where to buy and sell corporate secrets, experts at the risk management firm RedOwl and Israeli threat intelligence firm IntSights made an interesting research titled “Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web.

The research is disconcerting, hackers are operating services in the dark web to arm insiders with the tools and knowledge necessary to help steal corporate secrets, commit fraud, and conduct other illegal activities without leaving any tracks.

The researchers accessed the hidden service Kick Ass Marketplace (http://kickassugvgoftuk.onion/) and collected evidence of staff offering for sale internal corporate secrets to hackers, in some the unfaithful staff offered its support to attackers to compromise the network of their company.

Dark Web

The research revealed that at least in one case, someone at an unnamed bank was helping crooks to remain hidden in the corporate networks by using a malicious code.

The subscription for the service is of up to one bitcoin a month for access to corporate information offered in various threads.

The administrator of the service who goes with online moniker “h3x,” claimed that Kick Ass Marketplace has seven administrators, three hackers and two trading analysts that check the integrity of stolen data.

Months ago, the administrator claimed that its service boasted 15 investment firm members and 25 subscribers.

According to the researchers, the Kick Ass Marketplace is posting about five high confidence insider trading reports a week that allows the hidden service to pulls roughly US$35,800 a week. The analysis of the associated bitcoin wallet confirmed a total of 184 bitcoins that accounts for US$179,814.

The researchers also analyzed another hidden service dubbed The Stock Insiders (http://b34xhb2kjf3nbuyk.onion.to/) that allows its clients to recruit retail staff as mules to help cash out stolen credit cards for reliably-resellable goods like Apple iPhones.

” Another forum (see Figure 3), called “The Stock Insiders,” is also dedicated solely to insider trading. The forum was opened in April 2016. Its objective was to “…create a long-term and well-selected community of gentlemen who confidently exchange insider information about publicly traded companies.” 

The report is very interesting, it includes posts used by crooks to recruits money mule in charge of cashing out the stolen card data buy goods.

Below key findings of the report:

“By studying dark web forums focused on recruiting and collaborating with insiders, we found:

The recruitment of insiders within the dark web is active and growing. We saw forum discussions and insider outreach nearly double from 2015 to 2016.

The dark web has created a market for employees to easily monetize insider access. Currently, the dark web serves as a vehicle insiders use to “cash out” on their services through insider trading and payment for stolen credit cards.

Sophisticated threat actors use the dark web to find and engage insiders to help place malware behind an organization’s perimeter security. As a result, any insider with access to the internal network, regardless of technical capability or seniority, presents a risk.”

Insider illegal activities are devastating for the victims, they can fully compromise entire organizations due to the disclosure of company secrets, the weaponizing of the insider is a criminal phenomenon that must carefully monitor.
Enjoy the report!

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Dark Web,  insider)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment