Unscrupulous workers who sell their employers’ secrets are nothing new. But a rise in websites dedicated to white collar crime is making the practice easier than ever—and leading more insiders to peddle confidential information.
According to a new report from the security firms RedOwl and Intsights, the activity of company insiders on so-called “dark web” sites has doubled in the last year, posing a threat to both consumers and investors.
The sites, which can only be accessed via a tool called the Tor browser, amount to online criminal syndicates where members buy and sell information about corporate earnings and other sensitive business data. Some of the schemes are so brazen they would the likes of Gordon Gecko—the fictional white collar criminal mastermind from the 1980s film Wall Street—blush.
For instance, a website called “KickAss Marketplace” advertises itself as a members-only place to go for inside corporate information. Here’s a screenshot of the site’s homepage that appears in the report:
According to one of the report’s authors, Ido Wulkan of Intsights, the online market for insider information is thriving to the point where sites can charge a membership fee of one bitcoin (currently around $950) simply to join. He added the KickAss marketplace forum publishes approximately five posts a week of insider tips.
While some dark web sites, such as one called Stock Market Insiders, focus only on insider trading opportunities, others offer forms of corporate crime. These include recruiting cashiers or other low-end retail employees to sell customers credit card numbers.
Other, more ambitious schemes seek to recruit employees with high-level computer access in order to gain access to servers or bank accounts. Here is another screenshot from the report, which purports to show a conversation between a criminal recruiter and a bank employee:
Such activities have also produced a booming segment of the cyber-security industry dedicated to stopping them. Firms like RedOwl, as well as Palantir and Splunk, use big data and analytics techniques to spot insider threats and warn companies.
Some of these companies also deploy staff—many of them with a background in the military and intelligence—to lurk on the dark web and monitor chats. One of these firms, Flashpoint, concurred that the threat from insiders is one the rise, pointing in particular to schemes targeting banks.
“Flashpoint analysts have reported and identified an increased prevalence of insider recruitment at major U.K. banks on various deep and dark web communities since at least May 2016,” said the company’s research director, Vitali Kremez. “Insider collaboration solicitations by self-described U.S. bank insiders, as well as prospective ‘partners’ searching for insiders to collaborate with on the deep and dark web, are ongoing as of January 2017.”