New research published in a blog post today by dark web researchers Searchlight Security reveals the severity of earlier claims that Nato was assessing classified military documents being sold on the dark web. The blog post also explores the wider problem of classified documents being sold online.
At the end of last month, it was reported that hackers (known as “adrastea”) claimed to be selling data from the European company MBDA Missile Systems, reportedly the world’s second largest manufacturer of missiles. Louise Ferrett, Threat Intelligence Analyst at Searchlight Security, investigated these claims using the company’s Cerberus platform.
Whilst the BBC reported that MBDA acknowledged that some of its data was included in the stash it denied that it did not own the documents that were leaked, blaming one of its suppliers instead. Searchlight Security noted:
“When we investigated, we found that this denial was contested by the adrastea user when they posted an advertisement for the data on Russian cybercrime forum Exploit on August 5th:
“In this post, the hackers claimed to have “confidential information about employees of companies, which took part in the development of closed military projects”, “activities in the interests of the Ministry of Defense of the European Union”, and “design documentation of their airbase, missile systems, and systems of coastal defense”.”
The Cerberus platform also flagged that the group had advertised the same MBDA data on other platforms.
Searchlight Security goes on to offers valuable insight into the world of dark web selling:
“Firstly, this case is yet another reminder to treat attackers’ claims about the data they possess with skepticism. While the sample files accessed by the BBC show that the data adrastea is selling certainly is sensitive, that does not necessarily mean it has come from MBDA as they have advertised,” reads the blog.
Additionally, the blog suggests, this case demonstrates how cybercriminals seek to use the dark web to commercialise stolen data. The report also highlights how sensitive the type of data obtained and on the market is, highlighting the importance of dark web intelligence and research.
Last month, IT Security Guru writer Cole Aungle sat down with Searchlight Security to discuss all things dark web.