Weaponizing of the insider in the Dark Web, a dangerous phenomenon

A study revealed how hackers in the dark web are arming insiders with the tools and knowledge necessary to help steal corporate secrets.

The dark web is the right place where to buy and sell corporate secrets, experts at the risk management firm RedOwl and Israeli threat intelligence firm IntSights made an interesting research titled “Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web.”

The research is disconcerting, hackers are operating services in the dark web to arm insiders with the tools and knowledge necessary to help steal corporate secrets, commit fraud, and conduct other illegal activities without leaving any tracks.

The researchers accessed the hidden service Kick Ass Marketplace (http://kickassugvgoftuk.onion/) and collected evidence of staff offering for sale internal corporate secrets to hackers, in some the unfaithful staff offered its support to attackers to compromise the network of their company.

The research revealed that at least in one case, someone at an unnamed bank was helping crooks to remain hidden in the corporate networks by using a malicious code.

The subscription for the service is of up to one bitcoin a month for access to corporate information offered in various threads.

The administrator of the service who goes with online moniker “h3x,” claimed that Kick Ass Marketplace has seven administrators, three hackers and two trading analysts that check the integrity of stolen data.

Months ago, the administrator claimed that its service boasted 15 investment firm members and 25 subscribers.

According to the researchers, the Kick Ass Marketplace is posting about five high confidence insider trading reports a week that allows the hidden service to pulls roughly US$35,800 a week. The analysis of the associated bitcoin wallet confirmed a total of 184 bitcoins that accounts for US$179,814.

The researchers also analyzed another hidden service dubbed The Stock Insiders (http://b34xhb2kjf3nbuyk.onion.to/) that allows its clients to recruit retail staff as mules to help cash out stolen credit cards for reliably-resellable goods like Apple iPhones.

” Another forum (see Figure 3), called “The Stock Insiders,” is also dedicated solely to insider trading. The forum was opened in April 2016. Its objective was to “…create a long-term and well-selected community of gentlemen who confidently exchange insider information about publicly traded companies.”

The report is very interesting, it includes posts used by crooks to recruits money mule in charge of cashing out the stolen card data buy goods.

Below key findings of the report:

“By studying dark web forums focused on recruiting and collaborating with insiders, we found:

The recruitment of insiders within the dark web is active and growing. We saw forum discussions and insider outreach nearly double from 2015 to 2016.

The dark web has created a market for employees to easily monetize insider access. Currently, the dark web serves as a vehicle insiders use to “cash out” on their services through insider trading and payment for stolen credit cards.

Sophisticated threat actors use the dark web to find and engage insiders to help place malware behind an organization’s perimeter security. As a result, any insider with access to the internal network, regardless of technical capability or seniority, presents a risk.”

Insider illegal activities are devastating for the victims, they can fully compromise entire organizations due to the disclosure of company secrets, the weaponizing of the insider is a criminal phenomenon that must carefully monitor.
Enjoy the report!

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Dark Web, insider)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.