![dataloss logo](/images/dataloss-logo.png)
BreachExchange mailing list archives
Everyone Here Is a Criminal or a Spy: How Darknet Groups Operate
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 26 Mar 2020 09:21:22 -0500
https://www.wsj.com/articles/everyone-here-is-a-criminal-or-a-spy-how-darknet-groups-operate-11584523800 Darknet groups where corporate employees illegally peddle inside information come with their own sets of rules. Stocknet, for instance, is a dark-web-hosted platform that offers an annual membership for one bitcoin, equivalent to just over $5,300 at the current exchange rate. Free membership is available for those who submit information at least twice a year that would be useful to other members. Member guidelines reviewed by WSJ Pro Cybersecurity advise members to keep trades small to avoid detection by regulators. “Make a nice profit with each trade and grow your wealth. Don’t bring attention to yourself with a million dollar trade if you haven’t done that volume before,” the guidelines say. Insiders Sell Employers’ Secrets on Darknet Bazaars Stocknet also spells out what types of private corporate data members should offer: Important news announcements that could move markets, such as M&A deals or contract wins, for instance, must be submitted at least three hours before being made public. Attempts to identify and reach Stocknet operators were unsuccessful. In more transactional groups, sellers sometimes ask for big money. A post on a darknet group, Torum, on Jan. 8 offered access to a private data set that it said could be used to make investment decisions. “This data source is still unknown to institutional investors, this explains the large edge,” the post reads. “Proof (confirmed by a 3rd party) and metrics are available on request.” The seller suggested that a prospective buyer had already offered $300,000 and asked for other bids. These transactions are usually conducted through private messages, so any final sale amount isn’t public. Buyers usually demand a sample of the data for sale or a demonstration that sellers have the access they claim. Forum moderators often act as middlemen, holding funds in escrow until delivery, for a cut. Reputation determines access levels, and scammers are quickly cut from groups, often becoming targets of their would-be marks. It is clear when participants make bogus offers, said Kurtis Minder, chief executive of cyber intelligence company GroupSense Inc. “There’s no honor among thieves, but there is enough chatter on the darknet about scams that you would know [a scam].” Some groups, like Torum, simply require a minimum post count to access restricted forums, said Kyle Hanslovan, chief executive of security firm Huntress Labs Inc. Other groups demand that aspirants bring something to prove their worth, such as a list of hacked credit-card accounts or a cache of personally identifiable information, he said. Members must contribute regularly to stay, Mr. Minder said. More exclusive groups might require a demonstration of hacking prowess, such as being assigned a vulnerable server to attack, with any data captured then disseminated to the group. In effect, Mr. Hanslovan said, bona fides are sometimes demonstrated by committing crimes. This is a challenge for researchers who don’t want to break laws. The intelligence companies that provided material to WSJ Pro Cybersecurity said that they didn’t attain it through criminal acts. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Everyone Here Is a Criminal or a Spy: How Darknet Groups Operate Destry Winant (Mar 26)