In this blog post, I describe my attempt to see firsthand the intersection between insider threat and Internet underground forums on the so-called "Dark" or "Deep" Web/Net. This connection first came to my attention in a Gartner blog post in June by Avivah Litan where she stated "insiders are being actively recruited by criminals operating on the Dark Web."

For the purposes of this exercise, I was able to gain access to about a half dozen different forums. The forum that was the most fruitful for this exercise is called Alpha Bay.

From my experience visiting these sites along with examples found by other researchers, our team collectively came across many concerning topics discussed on forums, including a post by an employee at a given company boasting access to customer records, credit card numbers, and a willingness and ability to share this information for a fee.

The following screen captures provide evidence of our findings.

Figure 1: Insider Threat at Guitar Center - Courtesy of Brian Krebs

Figure 2: Insider Fraud at a Bank - Courtesy of Brian Krebs

Figure 3: Need a Verizon Employee - Courtesy of InfoSec Institute

Figure 4: Insider Recruitment is Active in the Dark Web - Courtesy of Gartner (Avivah Litan)

Below is an actual set of posts from a Dark Web forum I visited. The content in blue is verbatim and not edited for grammar, spelling, and the like. What you see is what you get!

Place in buckets/scams

For example, you might h
ave a bucket for "insider gift cards", insider bank accounts

So theoretically speaking, if I have a partner who works at walgreens who's in on my operation and my dump returns a call for authorization, would my partner just be able to lie and say that my ID matched? or do they ask for cvc?
And are visa gift cards purchasable with a card?

I am giving away 2 (half price) vouches for people who are willing to review my mobile profile service, It's not being offered by any other sellers as far as i'm aware and is I nice little earner.

please read the description below carefully for instructions on the method and pm me for a vouch - I will expect an honest review from you after you've made your money -- thanks

Boggalertz - Best Seller in the world, just wait and see.

Please read this carefully************

To take advantage of these profiles you will need the following
1) An insider in any phone shop
2) A credit or debit card, which you know the pin and registered address for
3) there must be at least £10 on the card
4) This is for UK only

Heres how it works.......
* You send me the door number and the postcode of the registered code, EXCLUDING the LAST 2 LETTERS. ( SO I DON'T EVER KNOW THE ACTUAL ADDRESS)
* I will send you back a profile which will pass for mobile phones in ANY phone shop, providing you use the correct card
*You go to your insider and place orders for as many handsets as you can get your grubby little mitts on
*You leave me nice feedback and tell the world that BOGGALERTZ is the worlds best seller!

You will need an insider because of 2 reasons
1) the DOB may not match what you or your striker looks like
2) the name will not match the name on the card (which I will never know)

In this blog post, I just scratched the surface of what types of insider services are being bought and sold on the Dark Web. My ultimate goal is to create a series of blog posts where I will delve into the concept of crypto-currency (e.g., Bitcoin) and how it is the preferred and often only payment method available on the Dark Web.

I will also introduce a new proof-of-concept strain of malware called Delilah that is designed to target potential insiders by blackmailing them to provide information about their employer. For more information about this topic, please use the Insider Threat contact form and ask that your message be directed to me.