Web sites

Hackers selling access to law firm secrets on dark websites

It would be difficult to walk into a large company and walk away with all of its sensitive information. But sometimes that’s not the case when it comes to online networking.

Q6 Cyber, a cybersecurity firm specializing in dark web surveillance, showed CNBC a forum post in Russian where the cybercriminal was offering access to the network and files of a New York City law firm. , and was willing to send screenshots as proof that he had broken in. .

The price of access was $3,500.

This post on a dark web forum in Russian claims to sell access to a law firm’s network and files.


That law firm wasn’t the only one, says Eli Dominitz, founder and CEO of Hollywood, Florida-based Q6. Q6 found similar information from law firms in Beverly Hills and other places across the country for sale. They wouldn’t name any of the law firms.

“If you are a law firm involved in major transactions, [mergers & acquisitions] publicly traded companies, you’re going to have a lot of sensitive information, inside information before it becomes publicly available,” Dominitz said. “If I can access it, I can trade around it and manipulate stocks and make a lot of money. We’ve seen this kind of activity by very sophisticated cybercriminals.

Eli Dominitz is the founder and CEO of Q6 Cyber, a dark web intelligence company.


Law firms are just one of many targets for cybercriminals. According to Intsights, a cyber-intelligence firm, there has been a 135% year-over-year increase in financial data, such as bank account logins and financial records, sold on the dark web.

“Today, banks and financial institutions have many partners and third parties. [There are] lots of security vulnerabilities and black holes. In many cases, a hacker can successfully take advantage of a platform,” said Itay Kozuch, director of threat research at Intsights.

None of the experts CNBC spoke to were surprised that the law firm records were up for sale.

Matt O’Neill, a supervisory special agent with the Secret Service unit that handles financial crimes, said he wouldn’t be at all surprised if law firms had their data stolen and sold online.

While information about the law firm for sale has been found on hidden websites, O’Neill says major cybercriminals are actually getting more brazen about advertising their wares. It’s about getting the most customers.

“You want everyone who potentially wants to buy it to get to you, and not go through a bunch of different steps to even find you,” O’Neill said.

Matt O’Neill is a Secret Service Supervising Special Agent, specializing in cybercrime.


“I would say that people operating on the dark web are at the bottom level of the villain hierarchy,” O’Neill said.

But this lower level is now collaborating on dark web forums and getting more sophisticated.

“They actually have different sites in different languages ​​where you would go and brainstorm and collaborate criminally,” said Robert Villanueva, executive vice president of Q6. He spent over 20 years in the Secret Service and founded their Cyber ​​Intelligence Section. “There are hundreds of these websites. Thousands of users and malicious actors on these websites, dedicated to one thing: cybercrime. Period.”

Former Secret Service member Robert Villanueva, who founded their Cyber ​​Intelligence Section, is now Executive Vice President of Q6 Cyber


For cybercriminals, borders don’t matter.

“You can be a criminal in Nigeria, in Brazil, in Miami, in London. All you have to do is know where to go, find the right tools and services, and you can be up and running very quickly. It’s almost plug and play,” Dominitz said.

While most cybercriminals are motivated by money, there is a sense of community on these forums with members eager to share their tips and tricks, according to Dominitz. “Many of these forums have dedicated sections or threads and posts that help these newbies get into cybercrime,” he explained.

A major target they’re trying to capture? Your username and password. Dominitz showed CNBC an online marketplace where these credentials are sold.

“These are… online connections to financial institutions, to e-commerce companies, to retail companies,” he said.

According to Intsights, there is a 40% year-over-year increase in financial institution credentials being sold on the dark web.

The marketplace that CNBC saw primarily sells consumer credentials, but criminals can also gain access to business usernames and passwords.

A store on the dark web specializing in the sale of identifiers, usernames and passwords to access accounts.


“We’ve seen situations where cybercriminals specifically advertise IT admin credentials… Those have very, very high privileges, and those accounts are worth a lot of money,” Dominitz said. “A CEO is going to have a lot of sensitive information. But if you’re talking about network access and systems access, it’s usually the IT admin who will have a lot more. [access] than anyone else.

Another reason cyber criminals want credentials is to access email accounts.

“How many people keep sensitive information in their emails, in their various folders? Well, that’s how they access multiple accounts. And then basically jeopardize your credit. Compromise your family’s safety,” Villanueva said.