Are You Sure Your Employee Accidentally Clicked on that Phishing Link? Insider Trading on the Deep Web

The problem of inside information being sold on the deep web is not a new one, but it’s certainly one that major corporations need to begin to take more seriously. This is chiefly because more deep web sites are popping up which are making insider trading a cooperative venture. For the promise of anonymity and security, these sites allow select members to share and profit from the information that they give to each other.

The two main insider information trading sites on the deep web are The Stock Insiders and KickAss Marketplace. Both try to limit their members to an exclusive group. Both use extensive screening, but KickAss also charges a monthly fee, and a steep one at that. First, here’s how The Stock Insiders operates.


The Stock Insiders’ goal is “to create a long-term and well-selected community of gentlemen who confidently exchange insider information about publicly traded companies”. The administrator of the site claims to be “a former successful (originally European) IT entrepreneur living in the U.S.” who is “also an active trader and has inside access to the several publicly traded companies.” He is clearly not a native English speaker, so his foreign origins seem to check out. He guarantees security which is achieved by enabling “access to the forum only to a small number of the well-proven members.”

Kickass Markets goes a step further.

kickass-logoFor those who simply want to go from newbie to pro, you’ll first have to pay $250 a month in Bitcoins. That will eliminate many potential members right off. You also are told to do the following.


And, if you’re lucky enough to pass this test, you get to pay $1,000 a month.

What do you get? According to the administrator, members get insider information that is carefully analyzed by a team of experts. Members are not allowed to post information directly. The site does employ hackers (“They obtain information relating to a potential movement in the market”), so they apparently leak whatever the hackers may have ‘uncovered’ in their ‘investigations’. Members are given advice on when to invest to take most advantage of the leaked information. “Customer service is key, and we wish to deliver quality information.” What members make in profit is dependent on how they use the site’s advice and the amount they risk investing in it. According to information given in an interview last year, the site had members from 15 investment firms. If true, that’s a surprising and troubling fact. It begs the question: Do you still think stock investment has a level playing field?

According to information from a report on insider trading by cybersecurity firms RedOwl and InSights, insider trading on the deep web doubled last year.


To be sure, these sites are worrying, but far more dangerous is the fact that The Stock Insiders administration or rogue members of the group are selling information directly to interested investors, bypassing the site’s vetting filter. Here is an example.

“I am a member of an Insider Stock Market group: If you’re not insider yourself, but would like to profit off inside information – this is your chance. All inside stock trading groups require you to post continually or suspend your membership. We have a trade about every 5-8 days, and I am allowing you to be a part of it. I understand I need to build trust, and this will take time. I will message you details of when the trade will occur and be complete, and you will have your money back in a week or less. My occupation is trading options for a large hedge fund. I have clients who occasionally provide me tips on major announcements or earnings coming up. I exchange this type of information within the Stock Insider forum. I use my knowledge of options trading, and the insider forum to make trades. I am looking to grow my own personal wealth by trading with others money. I have a separated broker account setup, and I’m working to grow this through trades on inside information. My service; I am offering interested clients 15% return on each trade I make, which averages to 1/trade every 8-10 days. Upon purchase, I will provide the date of the trade, and when your funds + 15% will be returned. The trades made from my insider broker account yield high returns (sometimes over 200%). I keep any profit above the 15% paid to the customers. I am willing to negotiate the return rate for higher deposits. Please message me for details. I hope we can do business together. I look forward to add to my ever growing list of clients.”

This appears to be someone trying to profit from inside information. He, being a member of a trading firm, would not be able take the risk of investing himself. However, he could secretly sell his information to others. On the surface, it would look like any other trader-client relationship. The client’s  risk would be minimal and the trader secretly gets his 15% cut of any profits. Anyone investigating the transaction, even if it was connected to this insider employee, would be unable to prove that anything was out of order. It would only look like this was a regular client who happened to get lucky.

Here is a bit of a different and somewhat more dangerous approach.

“Normally: $99 SPECIAL SALE PRICE: $15 This tip is a [HIGH QUALITY] leak with [94%] Confidence and [MEDIUM-HIGH] profit potential. These tips have been harvested from compromised executive email accounts at major companies as well as from keylogged bank and law firm employees. The tips have also been stolen from hacking communities and hedge funds.”

 Is it possible that the emails of major corporate CEOs have been hacked and insider information harvested from them? Unfortunately, it is highly likely. In a post I wrote on CEO email scams, I explained how such scams operate and why they have successfully bagged over $3 billion for the hackers. Most CEO scams trick company employees into wiring money into an account that the employee believes to be valid. In the scenario above, it appears that the hackers may have found another way to get money, selling the insider information that they accidentally stumbled across during their CEO hacking.

But there is more frightening information here. It appears these hackers have had keyloggers installed on employee devices to gather information from bank and law firm networks. This is something that would take a certain amount of hacking skill to do. More than likely, they would have had to penetrate the banks’ cyber defenses by tricking an employee into downloading a file in a phishing email or clicking on a link that would eventually lead the victim to installing malware on their device. It’s a hit and miss strategy that succeeds in direct proportion to the ignorance of the employees and the quality of a firm’s cybersecurity defenses. Well-educated, vigilant employees within relatively secure networks make this strategy highly inefficient.

This is where the scariness reaches another level. The RedOwl report shows that hacking groups, or even Stock Insiders members, have actively recruited bank and corporate employees. In one instance, they wanted bank employees to give them access to computers that make money transfers. The hackers promised to pay them “7 figures on a weekly basis” for every week that they continue to have access to these computers. Here is a conversation between one hacker and a bank employee uncovered by RedOwl.


Some hackers will pay employees to install malware on a bank or corporate network, but this requires the employee to have some hacking skills and there is a real risk that the attempt will be detected.

Far better, in my opinion, would be for a hacker to arrange for an employee to ‘accidentally’ open an attachment or click on a bad link in a phishing email that the hacker sends them. This would enable the hacker to have remote-access malware installed on a key device through which they would infiltrate the network, getting what it is they are looking for. They would not have to worry about relying on or training a technologically-challenged employee. They would not have to teach them hacking techniques and the employee would not have to endanger themselves by making an inept move.

Even if caught in such an arranged scam, the employee could simply claim ignorance. If the planned phishing email was well designed, such a plea of ignorance might seem valid. The employee would simply suffer some reprimand. At worse, the employee would be fired. However, if the money they made in the fraud scam was anything like the numbers mentioned above, they may not even worry about losing their jobs. In fact, a good hacker with good malware would be able to erase all evidence relating to the intrusion so the employee’s complicity could not be proved.

The weak point here is the hacker’s payment of the insider. That’s where the deep web comes in. Deep web deals are held in escrow by the administrator until both sides are satisfied. In other words, if the hacker agrees that the employee has done the job, the administrator will release payment to the insider. My guess would be that this payment would have to be close to a yearly salary as an employee would, even if not proven to be involved in the hack, be at risk of losing their job due to incompetence. There are other cases of insiders being blackmailed into working with the hackers.

So do you have insiders working for hackers in your company or bank? Have you been suspicious of an employee who compromised your firm by ‘accidentally’ installing malware? Look for the usual danger signs. Was the employee already disgruntled? Did they suddenly find themselves in financial straits? Are they buying expensive things, like cars, that they shouldn’t really be able to afford? The problem with this type of attack is that education will not help. A company can do all the cybersecurity awareness training that it wants, but it can never be absolutely sure that a particular employee simply forgot the training and made a stupid decision. Sadly, such insider training is nearly foolproof and, because of this, may embolden employees to work with deep web sites and hackers. Participation in deep web markets by legitimate trading firms has the potential to become an expected, if secret, part of any trading firm’s tactics. It may even be that any firm that does not use the deep web for an investment edge will be considered behind the times.


The WorkPlay Solution: Ultra-secure, hardware separation, which puts two or more, non-communicating operating systems on any endpoint device (smartphone, tablet, laptop) will prevent insider coercion from accessing sensitive company data. The end user can even install malware on their device, but, it will not be able to cross the hardware barrier and access the corporate network.

One thought on “Are You Sure Your Employee Accidentally Clicked on that Phishing Link? Insider Trading on the Deep Web

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s