China’s cyber spies have been found to be running private marketplaces on Dark Net. Ed Alexander, The Chief Information Security Officer for a California-based company, DBI found out earlier this week. In a phone interview, Alexander said these private markets are where many of China’s state sponsored hackers do their side work and sell stolen data to the highest bidders.
“The hackers’ primary allegiance is to China. Their secondary allegiance is to themselves.” Alexander is quoted as saying in his phone interview.
DBI trains and manages dark net operatives-for-hire, who conduct human intelligence(HUMINT) operations on Dark Net, and Alexander provides over watch for one of the world’s largest CyberHUMINT teams. In spite of reports saying China’s state driven hackers are sloppy and poorly skilled, Alexander assured that in his 10 years since running cyberHUMINT operations, that they are in fact the most sophisticated people he has seen. Even other nation state hackers, like Syrian Electronic Army, are nowhere close having the sophistication of the Chinese.
Alexander compares Dark Net to a prison gang ecosystem. People who are new to Tor and Dark net are not seen as being part of the gangs, “They’re just outsiders looking around.” He said.” Always oblivious to the discussions that go on amount the organizations running the show.”
He went on to say that in these communities, DBI sees discussions on which government and business networks are being targeted, which ones have already been infiltrated, and even to see what’s being sold and how much its sold for. When it comes to the Chinese Dark Net, the public forums are most used by the less experienced hackers. The markets operated by the state are much more hard to find.
Alexander said these hackers have told his operatives that they are state sponsored. “They tell us they work for China.” The marketplaces used by China’s state hackers use a three step invite only process for access. Step one is being proposed by a known member to a sites admin for approval. Step two is to be vouched for by at least five known and trusted entities on the Dark Net of impeccable status. Finally, every prospected buyer needs to prove they own, and can operate a digital wallet worth at least $100,000 of bitcoin. Most of their buyers are representatives from nation-states, Alexander said there are buyers from a surprisingly large number of countries on their markets, including Russia and Iran.
Alexander also says the Chinese state hackers will sell to any country that has enough money to afford their price tag but note that they do not sell to representatives from terrorist organizations. What’s the price tag included with something like this? Stolen data sells for up to $75,000, access to a business or government network sells for around $100,000 and no less than $1 million to breach a specific target.
Even with the amount of cash to be made, Alexander says the Chinese hackers run the markets as a side business only. Breaching networks under the Chinese regime fills they’re time for a day job, but they’ll often steal additional data they can sell on the black markets.