23 February 2017, updated 12 Jun 2018 4:15pm

What can you find on the eBay of secrets?

Encrypted corners of the internet have become a marketplace for company secrets. IntSights’ Ido Wulkan and RedOwl Analytics’ Tim Condello discuss how to tackle the problem.   

By Rohan Banerjee

Keep your friends close but your enemies closer. This mob maxim from The Godfather Part II takes on a twisted new meaning on the dark web. The dark web, for those in the dark, is a collection of websites that exist on an encrypted network and cannot be found using traditional search engines or browsers. Dark web users are afforded, therefore, a cloak of anonymity and unknown location. For this reason, the dark web has become a hotbed for insider trading, converting friends into enemies for the right price.

Ido Wulkan, intelligence team leader at IntSights, and Tim Condello, technical account manager at RedOwl Analytics, co-authored a special report on this phenomenon – Monetizing the Insider – last month. Wulkan, who terms these dark web sites as a “sort of eBay of secrets”, explains how they have evolved over time. “What it does is give cyber criminals a new variety of products that before now no one thought were available online. It started off as a place to sell drugs and other such illegal merchandise, but gradually as the dark web has become more popular, more readily accessible, the market has evolved.” What kind of things are people selling now? “Information. There is a concrete and prominent market for insider insight and information.” Like what? Condello pitches in: “What the report found was that dark web criminals enlist people who work and have insider knowledge at banks and financial institutions. It means they can steal or transfer money; we found the dark web being used a lot to manipulate stocks.”

It seems fair to say, then, that the criminals on the dark web are setting their sights a little higher than soap opera spoilers. Wulkan continues: “With the insider’s information, the threat actor attempts to profit with a more educated action, maybe a stock market bet, and the insider receives a commission. The dark web facilitates illicit trading activity by providing anonymity, making actors difficult to identify. All of the transactions are in Bitcoin (a type of digital currency that uses encryption) so it’s harder to trace them.” As of January 2017, the exchange rate of 1 BTC was US$895.

The dark web’s insider trading racket, Condello is keen to stress, is pronounced. He says: “The insider trading forums we investigated were exclusive. They were like clubs. Though some activity may be happening in generic black markets, it appears that the most potent information and sophisticated actors are in small, elite groups. These groups require those who apply for membership to prove their capabilities and/or access to knowledge by sharing real inside information, which is then thoroughly checked and confirmed.”

The KickAss marketplace, a dark web forum which the report used as a case study, is a hub for such groups. The forum’s managers claimed to enforce high standards by reviewing every user’s post for accuracy. In return for this high bar, they also charge a significant 1 BTC membership fee. The forum is fairly active with around five posts and a total of 40 BTC in transactions (US$35,800 per week). According to the report, there are members who make more than $5,000 a month using the leaked information.


Recruitment of insiders on the dark web is growing. Research found that forum discussions on insiders nearly doubled from 2015 to 2016. What are the reasons behind this? While Condello accepts that in some circumstances, employees of organisations can be duped or let down by their own lack of appreciation for the sensitivity of the information they are privy to, he suggests that the most common cause is disillusionment. “I suppose you get some cases where people are roped in, but there are plenty of people who do end up seeking out this kind of activity themselves. The hackers will capitalise on the sort of person who needs money or is maybe dissatisfied with their status in life or position in the company. Insider trading is a way for them to make some money out of their situation.”

Indeed, dark web criminals have targeted collusion with some lower-level employees of organisations who are more receptive to the promise of a cash reward. The report featured examples of a dark web forum member approaching a cashier in a large chain to help purchase iPhones and another to relay credit card details.

But why are people willing to risk their jobs? Wulkan adds: “Well, if they are that unhappy then is it something they’re going to lose? I think people are more willing to take risks because it is easier to stay hidden.”

Is there any light at the end of the dark web tunnel? Yes, there is; and both Wulkan and Condello insist that companies must do their utmost to reach it. According to the pair, the response to insider trading should be three-fold: cultural, human and technological. The cultural dimension, recommends Condello, relates to “creating an environment to mitigate from the threat of disgruntled employees. So it’s important that companies start understanding the relationship between their human and technological resources. There needs to be a holistic approach to training and a message that we’re all in this together. If people are happier in their work, they are less likely to want to sabotage it.”

Further to this, the human aspect, Wulkan points out, means treating the two as one and the same is misguided. He says: “Treating insiders as a technological problem ignores the human side of their motivation and behaviour. Security teams must monitor employee behaviour across a broad array of channels that identify suspicious activity and also help understand negative employee sentiment.”

Although Wulkan and Condello’s comments focus on the less technical elements of the problem, neither is naïve about the need for advanced technology. Condello concedes: “Regardless of what you might manage with your culture or staff, you’ve got to prepare for the case that it might not work too; so you need an effective insider threat programme. This means a foundational capability to see across all employee activity and spotlight any unwanted behaviour, while still respecting employee privacy.”

How can surveillance still respect employee privacy? Given that employees are ultimately using a work system, Condello considers any charge of encroachment philosophically. He says that monitoring is a “last line of defence” and more concerned with “patterns of work” than scraping the barrel of email content. 

Underestimating internal threats has, according to Wulkan and Condello, shaped a worrying number of companies’ cyber security capabilities. Ironically, 80 per cent of security services studied in the report focused on perimeter defences, while fewer than half of organisations had budgeted for insider threat programmes. “The threat landscape,” Condello reiterates, “is not something that’s exclusively external and companies need to realise that.”

The cost to productivity and – arguably more damaging – reputation is a risk factor that no company can afford to take lightly. Wulkan concludes: “We’re not only talking about protecting the company and the brand; it’s about protecting the customers as well.”
