Criminal groups sell access to computer networks of financial companies such as Bank of America Corp. as well as hacking tools that appeal to these companies, according to a British researcher who was browsing the dark web marketplaces.
Michael McGuire, a Surrey University professor of Forensic Forensics, had joined several dark web groups to find tools for sale that are capable of stealing business credentials. Beyond credentials customers of Bank of America, PINs and Qatar National Bank PINs were found.
Their findings, which were published today in a survey, offer a close look at the dark web, the section of the Internet that requires specialized software or authorized access and which is not accessible by conventional search engines. There are many dark web sites that serve as a market for hackers who sell their services and the data they have stolen in the past.
The scale of data breaches has increased in recent years as criminal hacking teams are becoming more and more experienced in corporate network penetration and information gathering. Often these data are then used for identity-theft and credit card fraud. In other cases, access to a network is used for ransomware infection that encrypts the content using a key. Hackers then ask for ransom to be paid for the delivery of the key.
In the case of the Bank of America, the material McGuire found to be available was false websites that could be used to collect customer data in Phishing. In these attacks, a customer sends an e-mail message that appears to come from the bank asking him to click on a link to access his account. The link takes them to the bogus website and records their username and password.