Cyber-extortion has a new racket: Extorting fellow criminals.
A Digital Shadows investigation saw a twist in the classic gambit of acquiring a company’s valuable data, threatening to release the data if a ransom is not paid, and then putting pressure on the victim through sharing the data with journalists. The target was a criminal marketplace, widely advertised in underground Russian forums:
“On October 24th, a user posted on Pastebin claiming to have accessed customer details and administrator accounts of Basetools, an online criminal marketplace. The user also claimed to have obtained personal details of the administrator and demanded $50,000 in ransom, or he would release further information and the dox of the administrator. The post threatened to inform law enforcement should the payment not be made. At the time of writing, the Basetools market was ‘under update’ and claimed it would be back in ‘a few days’.”
Digital Shadows researchers noted that while the motivation behind the threat is clearly financial, the situation also gives wings to a trend they have seen in criminals moving away from centralized markets—whether on the dark or deep web. While these historically have allowed bad actors to easily advertise and sell their illicit goods, there has been a significant shift in the past four months with the demise of the AlphaBay and Hansa marketplaces.
In this situation, there could be a payback element to the proceedings: The actor claims that the administrator of the site has been manipulating the vendors, creating false personae and falsely elevating those vendor profiles to the top of listings.
“We have previously forecasted the potential shift from centralized marketplaces to more decentralized models, and the conditions that would have to exist for this to become a reality,” the researchers noted. “The attempted extortion of Basetools, and in particular the allegations of an admin manipulating vendor ratings is yet another reason for cyber-criminals to reconsider the idea of a centralized market. In a decentralized model, the risk of this occurring would be reduced. While the conditions for a decentralized model taking the lead may not yet be there, this may take us one step further.”