Cyber criminals on a darknet marketplace have taken hacking to another dimension by breaking into the private computer networks of several government systems, gaining access to critical infrastructure targets such as hospitals, power plants, financial firms, airlines and government departments, and then selling or exchanging that access for bitcoin, one of the largest online cryptocurrencies.

All of this is happening on an underground darknet marketplace called CMarket, or “Criminal Market,” formerly known as “Babylon APT.” The marketplace is made up of a public market, an invite-only sub-market and a hackers-for-hire service capable of breaching any private network, or any network in general, in any country worldwide.

BlackOps Cyber, a globally based darknet intelligence company that specializes in intel, threat analysis and digital weapons, reportedly provided The Epoch Times with analysis, various screenshots and chat logs obtained from the darknet marketplace. The material was gathered by an undercover agent from the company who gained access to the marketplace’s invite-only sections and worked his way up until he was close to many of its top members, from whom he obtained vital information.

Reports from BlackOps researchers revealed that the main culprit appears to be a state hacker who also happens to be working for the Chinese Communist Party. He conducts his business for the Chinese regime in his regular work and then sells the data obtained from several companies, governments, and other targets on the darknet market to various buyers. “He doesn’t mind doing that crossover and back and forth from the underworld to his workplace,” BlackOps said. “He’ll also recruit in the underground for his side business.”

The marketplace, however, is run by a combination of hackers from several cyber crime groups across many countries who claim to be Latin. They also stated that some of their work was undertaken by other hackers scattered all over the Philippines and Brazil when their hands were full.

The hackers had created their very own chat group on the darknet market because sellers on other darknet marketplaces considered their offerings too likely to attract attention from law enforcement.

“They’re afraid of our products,” one CMarket seller wrote. According to a leaked chat log obtained by the BlackOps undercover operative, a CMarket seller told the operative that he had once sold databases linked to NATO and the German Defence Ministry, and also offered access to breached devices of a terrorist cell that was allegedly in training to infiltrate Western Europe. “They’re all active supporters and combatants [sic],” the seller wrote, noting that the terrorists were being trained at the time and “will be sent to other parts of Europe. … Not all, but some.”

The CMarket hackers were contracted in 2016 by a Russian group to breach the cell’s devices. The seller then stated that the Russian group was planning on selling access to the breached devices to authorities, but was waiting on the terrorist group to begin carrying out attacks, since it would push up the data’s value.

The seller wrote, “Data of fighters raise value [sic] as soon they engage in operations.” He added, “Soon these names [sic] will appear on news :)”

He went on to say that the Russian group had provided them with a special cyber weapon to enable them to carry out the breach. The seller described the tool as “basically RAT (remote access Trojan) but way more advanced … capable infect [sic] through other ways researchers still dream about,” and noted, “They have a guy working on university developing new technology.”

He also claimed to be in possession of login information for computers used by personnel of the UK’s MI5 and the Royal Air Force. Confirmation of those claims, however, is still lacking.

CMarket reportedly also had an entry offering access to power plant facilities and multiple critical infrastructure components, typically known as “SCADA” systems. Access was priced at 3 to 5 bitcoin, equivalent to between £6,309 ($8,261) and £10,515 ($13,768).

Another reported offering was advertised as access to the U.S. Coast Guard’s Vessel Identification System, which is used in monitoring the automatic tracking systems that identify ships, including those used by law enforcement.

That entry was being sold for 5 to 7 bitcoins ($11,761 to $16,465). BlackOps also reported that the CMarket hackers were trying to trade the breach to smugglers, who could use it to trace and avoid Coast Guard ships. The offerings contained various identities and personal information of agents in the Federal Police of Brazil.

The online post noted that some of the identified agents “participated in the operation darkode,” referring to the federal takedown in 20 countries of the Darkode cybercrime online forum in July 2015.
