Yahoo Finance Disgruntled employees cashing in on confidential information over dark web
Disgruntled employees are making hundreds of thousands of dollars by leaking confidential information over a new platform on the so-called dark web, cyber researchers have said.
Hidden in a part of the internet that is only accessible using special software, the Industrial Spy platform promises huge payouts to staff willing to hand over "dirty secrets" to competitors, according to experts at intelligence business Cyberint.
Industrial Spy currently has data on twelve companies from a range of industries available to people who sign up, Cyberint said.
The platform recently managed to sell two tranches of company data for $400,000 (£318,236) and $750,000 each.
An individual has advertised the platform to potential purchasers of the data on the dark web.
The post said: "With our information you could refuse partnership with an unscrupulous partner, reveal dirty secrets of your competitors and earn millions of dollars using insider information."
Cybercriminals have long approached employees individually and offered a bribe to release sensitive information such as internal data and passwords to access computer systems.
But this new platform allows employees to act on their own initiative to steal data and sell it online.
One cyber source said: "It's one thing to be worried about staff trying to corrupt your employees. But this sort of thing is an even bigger problem.
"What kind of company doesn't have a disgruntled employee? And they could get $750,000 for doing this."
Organisations may only find out about a leak when the data has been sold and the employees have covered up their actions.
Yochai Corem, chief executive of Cyberint, said: "Employees might act against their organisation and leak internal data for any number of reasons. It might be for financial gain, activism or for political reasons.
"Given the immense financial gain from an insider acting against an employer, it was only a matter of time until a platform monetising insider data appeared."
Companies are now on high alert for cyber attacks from a range of sources.
Banks have been told to guard their systems against state-sponsored attacks in response to implementing sanctions against Russia, while lawyers have been hit by a string of attacks by criminals asking for a ransom in return for data.
The law firm Ince Group revealed earlier this month that it had been blackmailed by hackers who stole its data. It went to court to secure an injunction against the hackers to stop them leaking the data on the dark web.
Ward Hadaway, a law firm with offices across the North East, then revealed it had been blackmailed for up to £4.75m in bitcoin after hackers gained access to confidential documents. The company was told by hackers that the data would be leaked online if managers did not pay half the ransom within a week of the attack.
Mr Justice Johnson granted an injunction but warned there was "a risk that the injunction will not be effective".
The judge said: "The work that the claimant does includes acting for defendants in claims for damages for clinical negligence and in cases before the Court of Protection. Consequently, the documents it holds on its IT systems will or may include medical reports.
"There is a risk that the defendant will be able to hide behind the anonymity that it has successfully managed to maintain and that it will continue to act unlawfully behind the protection of technological systems designed to enable it to secure a ransom payable in bitcoin without disclosing its identity."
