Staff are taking to the dark web to leak corporate secrets for cash, research reveals.
Hackers from US-based risk management outfit RedOwl and Israeli threat intelligence firm IntSights worked their way past the interview process to access the private dark net property Kick Ass Marketplace, where they found evidence of staff selling internal corporate secrets to hackers. In some cases staff even collaborated with blackhats to infect their company networks with malware.
Staff at an unnamed bank were also found to be helping hackers maintain a persistent presence on their corporate networks.
Clients can pay a subscription of up to one bitcoin a month for access to allegedly vetted and accurate insider information which is posted in threads on the site, then cash in on the information they glean.
The site is run in part by an adminstrator known as "h3x" who in an May interview with DeepDotWeb claimed to be a "self-taught cryptographer, economist, investor, and entrepreneurial businessman".
h3x has claimed that Kick Ass Marketplace boasts seven administrators, including three hackers and two trading analysts who observe financial markets and vet the integrity of stolen data before posting it to the site.
Posts are assigned confidence ratings and advice about whether to buy or sell stocks is included.
The hacker claimed, in the now nine-month-old interview, that the site boasted 15 investment firm members and 25 subscribers.
An example post on The Stock Insiders. Disclosures are required to gain access. Image: The Register.
Ido Wulkan of IntSights, with colleague Tim Condello and finance man David Pogemiller say in the report Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web [PDF] published today that the site is posting about five high confidence insider trading reports a week.
The site pulls some US$35,800 a week according to analysis. Its reported main bitcoin wallet holds 184 bitcoins (US$179,814).
Kick Ass Marketplace admits only skilled users. Image: The Register
Another dark web site the trio studied, dubbed The Stock Insiders, recruits retail staff as mules to help cash out stolen credit cards for reliably-resellable goods like Apple iPhones.
The report includes posts where fraudsters seek help from strikers, people willing to walk into stores with stolen credit cards pretending to be legitimate account holders who approach cooperating sales clerks to buy goods.
The trio say insider recruitment is "active and growing" with chatter across public and private forums about the subject doubling from 2015 to 2016.
"The dark web has created a market for employees to easily monetise insider access," the researchers say.
"The dark web serves as a vehicle insiders use to cash out on their services through insider trading and payment for stolen credit cards.
"Sophisticated threat actors use the dark web to find and engage insiders to help place malware behind an organisation’s perimeter security [and] as a result, any insider with access to the internal network, regardless of technical capability or seniority, presents a risk."
Insider theft can be a disastrous for some organisations. In Australia, theft of sensitive corporate information including designs and customer records can be considered a civil rather than criminal matter, leading to very lengthy and expensive lawsuits.
Thefts can be as simple as real estate agents taking client lists to new businesses, and general practitioners patient lists to establish their own rival practice, two acts of fraud which are understood to be common. ®