Dark web: Cyber criminals selling access to critical infrastructure including hospitals, power plants and government agencies
Access to computer systems that control critical government and private-sector infrastructure such as hospitals, airlines, power plants and financial firms is being sold on a dark web marketplace by cyber criminals, DeepDotWeb reported Monday.
The cyber criminals have managed to bypass private computer networks of a number of government systems to gain access to infrastructure systems and then sold that access or exchanged it for Bitcoins, one of the world’s largest cyber-currencies.
As the web site further reported:
An underground darknet marketplace called the CMarket or “Criminal Market”, which was formerly known as “Babylon APT”, is where all this is happening. The marketplace is made up of a public market, an invite-only sub market and a hackers-for-hire service capable of breaching any private network or any network in general in any country worldwide.
BlackOps Cyber, a globally-based darknet intelligence company which specializes in Intel, threat analysis, and digital weapons reportedly provided The Epoch Times with analysis, various screenshots and chat logs obtained from the darknet marketplace. This was all achieved when an undercover agent from the cyber company had access to the marketplace’s invite only sections and worked its way up to get close so [sic] many of its top members there where he obtained vital information.
BlackOps researchers have revealed in subsequent reports that the principal actor appears to be a state hacker who works for the Chinese Communist Party, and is working on behalf of the government in Beijing. The hacker sells data stolen from companies on behalf of China to various buyers on the dark web.
“He doesn’t mind doing that crossover back-and-forth from the underworld to his workplace,” BlackOps reported. “He’ll also recruit in the underground for his side business.”
The marketplace in which the Chinese hacker operates, however, is controlled by hackers from a number of cyber organizations spanning several countries who claim to be Latin in origin. Some of the work is spread to hackers in Brazil and the Philippines when they need extra assistance.
The network of hackers also created their own chat group on the darknet marketplace because other sellers on other dark web marketplaces considered their ‘products’ much more apt to attract the attention of law enforcement.
“They’re afraid of our products,” one CMarket seller wrote.
BlackOps obtained one leaked chat log in which a seller on CMarket claimed to have sold stolen databases linked to NATO and the German Defense Ministry. In addition, a seller also offered access to breached devices of a terrorist cell currently training to infiltrate Western Europe.
“They’re all active supporters and combatants [sic],” the seller wrote, noting that the terrorists were being trained at the time and “will be sent to other parts of Europe. … Not all, but some.”
DeepDotWeb also noted:
CMarket reportedly also had an entry which offered access to power plant facilities and multiple critical infrastructure components, typically known as “SCADA” systems. Access was going for a price of 3 to 5 bitcoin, which is equivalent to between £6,309 ($8,261) and £10,515 ($13,768).
Another reported offering was advertised as access to the U.S. Coast Guard’s Vessel Identification System, which is used in monitoring automatic tracking systems used to identify ships, including those used by law enforcement.
That entry was also being sold for 5 to 7 bitcoins ($11,761 to $16,465). BlackOps also reported that the CMarket hackers were trying to trade the breach to smugglers who could use it to trace and avoid Coast Guard ships. The offerings contained various identities and personal information of agents in the Federal Police of Brazil.