It would be hard to walk into to a major business and walk away with all its sensitive information. But sometimes that’s not the case when it comes to online networks.
Q6 Cyber, a cybersecurity firm that specializes in monitoring the dark web, showed CNBC a forum post in Russian where the cybercriminal was offering access to a New York City law firm’s network and files, and was willing to send screenshots as evidence he had broken in.
The price for the access was $3,500.
That law firm was not alone, says Eli Dominitz the founder and CEO of Q6, which is based on Hollywood, Florida. Q6 has found similar information from law firms in Beverly Hills and other locations across the country for sale. They would not name any of the law firms.
“If you’re a law firm that’s involved in major transactions, [mergers & acquisitions] of publicly traded companies, you’re going to have a lot of sensitive information, inside information before it becomes publicly available,” Dominitz said. “If I’m able to access that, I can trade around that and manipulate stocks and make a lot of money. We’ve seen that kind of activity by very sophisticated cybercriminals.”
The law firms are just one of the many targets of cybercriminals. There has been a 135 percent year-over-year increase in financial data, such as bank account logins and financial records, being sold on dark web, according to Intsights, a cyber-intelligence company.
“Today, banks and financial institutions have lots of partners and third parties. [There are] lots of security vulnerabilities and black holes. In many cases, a hacker can manage to take advantage of one platform,” said Itay Kozuch, Intsights’ director of threat research.
None of the experts CNBC spoke to were surprised the law firms’ records were for sale.
Matt O’Neill, a supervisory special agent with the Secret Service unit that manages financial crimes said he wouldn’t be at all surprised if law firms had their data stolen and sold online.
While the law firm information for sale was found on hidden websites, O’Neill says the top cybercriminals are actually becoming more brazen about advertising their wares. It comes down to getting the most customers.
“You want everybody who potentially wants to buy it to access you, and not to go through a bunch of different steps in order to even find you,” O’Neill said.
“I would say that the people operating on the dark web are on the lower tier of the hierarchical structure of bad guys,” O’Neill said.
But that lower tier is now collaborating on dark web forums and becoming more sophisticated.
“They actually have different sites in various languages in which you’d go and actually exchange ideas, and collaborate from a criminal nature,” said Robert Villanueva, an executive vice president at Q6. He spent over 20 years with the Secret Service and founded their cyber intelligence section. “There’s hundreds of these websites. Thousands of users and threat actors on these websites, dedicated to one thing: cybercrime. Period.”
To the cybercriminals, borders do not matter.
“You can be a criminal in Nigeria, in Brazil, in Miami, in London. All you have to do is know where to go, find the right tools and services, and you can be up and running very quickly. It’s almost plug and play,” Dominitz said.
While most cybercriminals are motivated by money, there is a sense of community on these forums with members willing to share their tips and tricks, according to Dominitz. “A lot of these forums have dedicated sections or threads and posts that are helping these newbies get in the business of cybercrime, » he explaineed.
One major target they’re trying to capture? Your user name and password. Dominitz showed CNBC an online marketplace where these credentials are sold.
“These are… online logins to financial institutions, ecommerce companies, retail companies,” he said.
There is a 40 percent year-over-year increase in financial institution credentials being sold on the dark web, according to Intsights.
The marketplace CNBC saw predominantly sells consumer credentials, but criminals can gain access to business user names and passwords as well.
“We’ve seen situations where cybercriminals are specifically advertising IT admin credentials…Those have very, very high privileges, and those accounts worth a lot of money,” Dominitz said. “A CEO is going to have a lot of sensitive information. But if you’re talking about network access and systems access, it’s usually the IT admin who’s going to have a lot more [access] than anybody else.”
Another reason cybercriminals want credentials is to access email accounts.
“How many people keep sensitive information in their emails, in their different folders? Well, that’s how they get into multiple accounts. And then, basically compromise your credit. Compromise your family security,” Villanueva said.