
'eBay' of targeted attacks infiltrated by ex-Shin Bet intel men

Crims sold information on attack vectors, potential staff to blackmail.

Former members of Israel's Shin Bet intelligence agency have infiltrated a since-scuppered hacking forum that served as a specialist marketplace of targeted attacks.

Intelligence bods from Diskin Advanced Technologies gained access to the Enigma forum, which required users to actively trade in illicit services to continue their membership; shortly afterwards, suspecting infiltration, admins suspended it.

The spooks told KrebsOnSecurity the forum was a virtual eBay of targeted attacks, trading paid requests for access to and data theft from companies like HSBC UK, Citibank, and Bank of America.

“On Enigma, members post a bid and call on people to attack certain targets or that they are looking for certain databases for which they are willing to pay,” senior intelligence expert Noam Jolles told the masthead.

“I even saw bids regarding names of people who could serve as insiders,” he said. “Lists of people who might be susceptible to being recruited or extorted.”

Dark web forums like Enigma serve less than five percent of sensitive criminal information to visitors who have yet to undergo intense background checks.

Information, not credit cards, is king here. Personal information, intellectual property, and reconnaissance data are plied to help the very worst and most ambitious black hats to hack prominent organisations.

On Enigma and other sites like it, even information on staff members vulnerable to bribery or blackmail is sold as potential attack points.

Gartner analyst Avivah Litan says researchers identify these covert and sophisticated hacking hubs by analysing traffic and seeking certain keywords that indicate trading.

Crime forums go to great lengths to identify and remove the many white hat security researchers and police who spend years establishing access and building fake online aliases.

Forums like the infamous English-speaking Darkode have been torn down by international law enforcement stings after actors on those sites were identified by infiltrating white hats and police.

Registration processes regularly require payment in Bitcoins, plus trusted members willing to vouch for you. Users must be seen to engage in trade and demonstrate knowledge of the various crime trading scenes. ®
