No doubt many of you will have heard about the recent LinkedIn database sale on TheRealDeal dark net marketplace. It made quite the splash and is clearly one of the more fascinating cases of the “tales from the dark net” that the media likes to revel in from time to time. The database is being sold by “peace_of_mind” or Peace.
Peace has form and even appeared, back in 2014, in no less an outlet than Forbes, where a write-up explained his escapades in relation to the Naughty America database. In other words, this is one database leak that we are right to pay proper attention to.
Leaving aside some of the hysteria around the leak, at least from a dark net perspective, we can note that Peace has 16 legacy sales with all being positive, bar one neutral sale. At least one of these, the final one, relates to the LinkedIn database and it is said to be ‘as described…’ The price is 4.5126 BTC and so it is by no means cheap, but given the potential uses a black hat might have for it that could be seen as a sound investment (again, we stress, from their perspective). The database is not, of course, new and stems from a 2012 hack, but it is only recently that the database seems to have made its way to the relative “surface” of the darknet or even clearnet sites such as LeakedSource. LeakedSource until recently offered a service to search the database and, for a fee (of course!), remove any entry. In response, LinkedIn has actually put pressure on LeakedSource to cease and desist, and they have complied. However, this hardly solves the fact that the database is still available, for a price, on TheRealDeal.
Many people likely wonder how a database from 2012 might have managed to go under the radar for so long among the hacking community when it is potentially worth so much. In conversation, Peace claimed that this database was not his own work, but also that he is part of a group that targets high profile companies specifically. In relation to this story and how these sales tend to garner attention from mainstream outlets, Peace noted that ‘well I have had 5 orders in the past 24 hours and to be honest I put it up for sale for one person I was doing business with I forgot to take down the listing, then Vice obtained a sample and it just kind of went from there.’ It is not uncommon these days to see “database for sale” stories that seem to report a post from Hell Reloaded or associated sites. However, it’s much rarer to see a story gain such traction. The main reason for this seems to be the potential targets: could a black hat think of a better group to go after than a community of business-minded people?
Peace was somewhat indifferent to a query about the removal service offered by LeakedSource, and that makes sense given his industry. The sheer volume of entries means that even if clued-in types had made use of the service, it would not have made a dent in the overall database. More ominous for those on the receiving end of these leaks is that Peace noted that much bigger releases were forthcoming and, crucially, that they include one of the bigger social media websites. Only time can confirm this, but given the money involved it seems likely that the trend for selling databases will see a concerted effort by hackers to go for ever larger targets.
In relation to the health of the dark net hacking-oriented markets, Peace provided interesting insights into how things look going forward. He noted that the market for ‘spam, password reuse and targeted attacks’ had ‘gotten much bigger.’ This suggests a slight move away from the exploit or malware market, though one imagines the ransomware market will be unaffected. Peace added that the main issue from the black hat perspective is that it is sometimes difficult to find the right kind of buyer. He also pointed out that he had noticed ‘more interest in databases over the past few months’, suggesting that there is room for expansion in this field.