Insider Trading Threats on Dark Web and Underground Sources
March 19, 2021 • Insikt Group®
Insikt Group used the Recorded Future® Platform, the dark web, and OSINT sources to investigate the existence of insider trading groups among financially motivated cybercriminals and retail trading communities. This report will be of interest to financial institutions, governments, and law enforcement agencies seeking to understand the influence of these groups on the stock market.
Insider trading can be carried out more easily now than ever before, due largely to the continuing proliferation of encrypted and anonymous messaging services, and the existence of dark web and underground communities that allow threat actors to find co-conspirators and communicate with them. Historically, a small number of dark web forums catered to the trafficking of non-public corporate information; now, updated technology allows for these efforts to be conducted with much greater operational security. Financially motivated threat actors or disgruntled employees can now exchange information away from the prying eyes of law enforcement and security researchers, allowing only vetted individuals to access sensitive data being provided by insiders.
Additionally, the clearnet hosts many market trading enthusiast groups on platforms such as Reddit and Discord. These groups range in size from thousands to millions of users. Their existence provides a recruitment vector for threat actors operating insider trading groups, and moderators of these legitimate clearnet communities would likely lack the full capability or the will to curtail such efforts. Insikt Group also discovered “stock signals” services, which provide paid users with tips on which trades to make based on the recommendation of “analysts”. Given that the origin of the information is unclear, the unregulated nature of these services and their use of anonymous messaging services is concerning. Because these services rely on messaging platforms that allow anonymous registration, if illegal activity is taking place, it would be very difficult for law enforcement and private sector security professionals to trace the real-world identities of users.
- Historical examples of dark web advertising for insider trading indicate a strong demand for non-public information sharing. Motivated threat actors will take advantage of this demand.
- Forums catering to insider trading have disappeared as threat actors migrate to more secure and anonymous messaging platforms.
- Clearnet stock trading communities provide lucrative opportunities for insider trading group organizers to recruit new members.
- Large and unmonitored stock trading discussion groups present unique security challenges to publicly traded companies.