Corporate insiders sell secrets and access on dark web

Dark web marketplaces have seen an increase in employees offering insider traders, fraudsters and hackers information, help or outright access to their company’s networks – for a fee, of course.

Corporate insiders collaborating with threat actors on a dark web forum

According to an analysis of a year's worth of posts on several specialized cybercrime forums, researchers from IntSights and RedOwl found that discussions and insider outreach nearly doubled from 2015 to 2016.

“The dark web has created a market for employees to easily monetize insider access. Currently, the dark web serves as a vehicle insiders use to ‘cash out’ on their services through insider trading and payment for stolen credit cards,” they pointed out.

Supply and demand

The researchers managed to gain access to several insider trading forums.

One of them – Insider Trading KickAss marketplace – is a subforum that has been active for nearly a year. The administrators are very particular about who they invite to join, and charge a membership fee of 1 BTC.

“These groups require those who apply for membership to prove their capabilities and/or access to knowledge by sharing real inside information, which is then thoroughly checked and confirmed,” the researchers explained.

“The forum appears relatively active with approximately five posts per week and a total of 40 BTC in transactions (approximately $35,800). According to the group’s manager, there are members who make more than $5,000 USD a month using the leaked information.”

On another forum, payment card fraudsters have been spotted looking for retail chain store cashiers who could help them buy iPhones with stolen credit cards. The cashiers are, of course, remunerated for not flagging the transaction as potentially fraudulent. Other store employees are asked to help fraudsters steal customers’ payment card information.

In another instance, hackers were looking for a bank employee who would help them plant malware directly onto the bank’s network, giving them continuous access to computers that handle transfers.

Minimizing the threat of corporate insiders

It’s simple: the criminals have the knowledge and the tools, and the insiders have access and information. Using dark web forums for making deals and organizing the attack/compromise minimizes the possibility of insiders being detected and identified.

“To minimize the insider threat, enterprises should create, train and enforce consistent corporate security policies while protecting employee privacy,” the researchers advise. The rules and penalties for engaging in insider behavior should be clear.

Technology that monitors employee activity without infringing on their privacy should be implemented, and security teams should be on the lookout for suspicious employee activity.