Bankers Recruited By Kickass
A recent research revealed that certain corporations in the United States are stealing their own corporate data and selling it on the darknet. Researchers and specialists from two organizations that conducted the investigations revealed that they had worked their way into one of the dark net sites that was selling corporate secrets to hackers. The site is a dark net market site called Kick Ass marketplace.
“We managed to get through the interview process and get admitted into the site where we realized that our own staff was selling company secrets for cash,” said one of the officials.
In certain extreme cases, some of the corporate employees worked in close conjunction with the hackers to infect their corporate servers with malicious malware. In one such case, a corporate bank that will remain anonymous, had some staff members collaborating with the hackers to ensure that they maintained a presence in the network of that bank at all times.
Gaining access to any darknet market is not easy, nor free. Such is the case when trying to access sites like Dream Market or Hansa. In order to access these sites, the individual needs to pay a minimum of one bitcoin per month. The clients of these sites pay monthly subscriptions to maintain their presence on the site. With up to date payments, these clients then have access to information that is posted in the forum and website threads. The administrator of this site claims that the information posted in the threads is vetted and verified before posting.
Therefore, the corporate information is accurate and in this case extremely valuable. Users who attain all this bank information immediately have an advantage on the market. Whether they are using this information for the stock exchanges around the world or simply to get some insight, they have the edge over the average broker and banker.
“There are about five posts made per week by [Kickass] about this bank in particular. These reports are highly confidential and help the subscribers with insider trading,” said Ido Wulkan, head of the research team at Intsights.
Kickass Is Not Alone
The owner of Kickass is said to be a difficult person to contact. Known in the dark web as H3X, he claims to be self taught in investing, stock trading, banking and entrepreneurial studies. He also claims that the site has seven employees who study the relevance of the stolen data, and vet all of its credibility before posting it on their threads.
The posts they make are rated on a scale of accurate to bad, and advice is offered with regard to how they can help you when it comes to stock selecting and trading. The site has over forty members comprising of investment firms and individual members at the time the report was taken.
The site nets over $30,000 every month from these operations. Its official wallet has close to 200 bitcoins.
In yet another case, another site on the dark web known as The Stock Insiders does similar work. It looks to banks to have staff assist them with stolen credit card information and cashing out on the helpless victims of that bank. By recruiting bankers they are able to purchase products from them. The site is also seeking help from people who are willing to go to stores and pose as real owners of the credit cards. They will work closely with store workers who have been recruited into the network.
Clearly this is a darknet marketplace to stay away from. And as a result it brings down the credibility of more respectable sites like Alphabay. The researchers stated that though these sites are not as common and widely known as other dark web market places, they have created an environment for rogue employees to cash in from company data.
“These markets create an environment where employees can cash in on company information and stolen corporate secrets,” said one of the researchers from the team.
The researches further concluded by saying that this is a serious problem that is slowly sipping into the corporate fabric. Many of the security problems experienced in firms are said to be accidental. This presents a major challenge for security personnel in the corporate scene. Most employees just click on links that are infested with malware or in other cases the links lead to phishing sites without their knowledge. These are often taken as mistakes. However, in some instances, cyber criminals within organizations may take advantage of this and give access to hackers. Preventing this may prove to be a challenge that the corporate sector has to grapple with.