Dark Web Paying Corporate Workers To Leak Info


This is not particularly new news, but the Dark Web paying corporate workers to leak info – especially pertaining to stock prices (earnings reports etc) is setting the mainstream news on fire at the moment.

Dark Web Paying Corporate Workers To Leak Info

It’s also funny because people constantly contact us asking questions about the ‘Dark Web’ aka the ‘Dark Net’ which happens to be the name of this site, a name which existed way before Tor did.

Of course the concept of a darknet also way pre-existed Tor as it was a thing way back in the 1970s of designated networks that were isolated from ARPANET.

Staff are taking to the dark web to leak corporate secrets for cash, research reveals.

Hackers from US-based risk management outfit RedOwl and Israeli threat intelligence firm IntSights worked their way past the interview process to access the private darknet property Kick Ass Marketplace, where they found evidence of staff selling internal corporate secrets to hackers. In some cases, staff even collaborated with blackhats to infect their company networks with malware.

The staff at an unnamed bank were also found to be helping hackers maintain a persistent presence on their corporate networks.

Clients can pay a subscription of up to one bitcoin a month for access to allegedly vetted and accurate insider information which is posted in threads on the site, then cash in on the information they glean.

The site is run in part by an administrator known as “h3x” who in a May interview with DeepDotWeb claimed to be a “self-taught cryptographer, economist, investor, and entrepreneurial businessman”.

h3x has claimed that Kick Ass Marketplace boasts seven administrators, including three hackers and two trading analysts who observe financial markets and vet the integrity of stolen data before posting it to the site.


It is pretty nefarious, though and is giving more ammunition to the naysayers that the dark web is a bad thing and is giving the malicious actors a place to hide.

A story that has been trotted out since the Silk Road bust made the existence of Tor (and what goes on inside the network) pretty mainstream.

Another dark website the trio studied, dubbed The Stock Insiders, recruits retail staff as mules to help cash out stolen credit cards for reliably-resellable goods like Apple iPhones.

The report includes posts where fraudsters seek help from strikers, people willing to walk into stores with stolen credit cards pretending to be legitimate account holders who approach cooperating sales clerks to buy goods.

The trio said insider recruitment is “active and growing” with chatter across public and private forums about the subject doubling from 2015 to 2016.

“The dark web has created a market for employees to easily monetise insider access,” the researchers say.

“The dark web serves as a vehicle insiders use to cash out on their services through insider trading and payment for stolen credit cards.

“Sophisticated threat actors use the dark web to find and engage insiders to help place malware behind an organisation’s perimeter security [and] as a result, any insider with access to the internal network, regardless of technical capability or seniority, presents a risk.”

Insider theft can be disastrous for some organisations. In Australia, theft of sensitive corporate information including designs and customer records can be considered a civil rather than criminal matter, leading to very lengthy and expensive lawsuits.

It’s pretty hard to stop, or even trace such perpetrators if they have any reasonable understanding of OPSEC. Which by the looks of it, they have as the networks have been infiltrated by infosec companies and they haven’t been busted yet.

It doesn’t mean given time they won’t be busted though, so we’ll be watching for news of that.

Source: The Register

Posted in: Legal Issues, Privacy


Latest Posts:


HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.
Fuzzilli - JavaScript Engine Fuzzing Library Fuzzilli – JavaScript Engine Fuzzing Library
Fuzzilii is a JavaScript engine fuzzing library, it's a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language.
OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.
trident - Automated Password Spraying Tool trident – Automated Password Spraying Tool
The Trident project is an automated password spraying tool developed to be deployed on multiple cloud providers and provides advanced options around scheduling
tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.


Comments are closed.