At the end of 2019, there are about 70 services for recruiting insiders in banks in the Russian-speaking segment of the darknet, which daily leak confidential information about customer accounts, dataleak reports.
The recruiter receives an average of 15,000 from the “punch” for each employee. The task specifies the search criteria — for example, a position in the organization. Then the customer just waits for the recruiter to send him the contacts of a ready-to-work employee. The wait lasts 5-7 days on average.
The cost of recruitment ranges from 7000 to 100,000 rubles and depends on the complexity of the task.
The US leads the firearms trade in the darknet
The attacker earned $760 thousand on fake domains in the “dark net”
On March 21, 2019, Digital Shadows specialists reported an unusual fraudulent operation – a massive case of typesquatting on the dark net. Typesquatting refers to the reception with the registration of domain names similar in spelling to the names of well-known brands. Relatively speaking, the domain name example.com at first glance, it is quite difficult to distinguish in the address bar from the name exarnple.com . In the case of popular brands, this allows attackers to create fake websites on such domains to steal credentials or financial resources of visitors.
The use of typesquatting in common top-level domains has been known for a long time. But its use in the anonymous Tor network is something else. Digital Shadows researchers accidentally stumbled upon the statements of an anonymous attacker who boasted that he was able to create a network of 800 fake names in the “dark network” (on a pseudo-domain.ONION). The domains imitated the names of various legitimate dark net resources. However, the word “legitimate” is inappropriate in this case, since we are talking mainly about hacker trading platforms, forums and other resources of this kind. For four years, fake pages brought the fraudster about 760 thousand dollars in the bitcoin cryptocurrency. The money was received from payments for goods and services (which the attacker, of course, did not provide), donations to maintain resources (a common practice for the “dark network”) and trading accounts whose credentials were stolen.
Digital Shadows experts failed to check the financial achievements of the fraudster. But they were able to detect at least 500 fake domains that really imitated the popular resources of the Tor network. And it is very likely that typesquatting in it is indeed a profitable business. The task of the attackers, in this case, is also facilitated by the fact that the addresses of onion resources are a long set of often arbitrary characters, and therefore it is an almost impossible task to remember the desired address and distinguish it from a fake one.