Prodaft, a Swiss cybersecurity firm, has recently launched an innovative initiative called ‘Sell your Source’, aimed at purchasing verified and aged accounts on hacking forums to surveil cybercriminal activities.
The primary objective of this initiative is to utilize these acquired accounts to infiltrate cybercrime spaces and communities, with the ultimate goal of gathering valuable intelligence that could potentially lead to the exposure of malicious operations and platforms.
Prodaft, a threat intelligence company specializing in obtaining visibility into the infrastructures of cybercriminals, says its focus lies in identifying patterns, tactics, techniques, and procedures that aid in understanding adversarial networks and in detecting and mitigating potential cyber threats.
Given that these activities are typically associated with the deep and dark web, underground forums, and illicit marketplaces, Prodaft aims to ensure its coverage does not face any limitations, hence the decision to purchase specific forum accounts that provide access to these networks.
The cybersecurity firm is currently interested in acquiring accounts for various cybercrime forums such as XSS, Exploit.in, RAMP4U, Verified, and Breachforums, offering additional compensation for accounts with moderator or administrator privileges. However, accounts must have been created before December 2022 and have no history of engaging in cybercrime or unethical activities to be considered for purchase.
Prodaft assures that the transfer process is carried out anonymously, with a commitment to reporting account purchases to law enforcement authorities while ensuring sensitive information is not disclosed. Sellers can anonymously reach out to Prodaft via TOX or email to initiate the account review process for potential purchase.
Upon approval, the firm will make an offer to the seller, with payment options including Bitcoin, Monero, or any other preferred cryptocurrency. The pricing for accounts will vary based on multiple factors, with each account undergoing analysis to determine a specialized quote.
Additionally, Prodaft actively promoted its initiative directly on hacking forums, leveraging an old account on the Russian-speaking XSS cybercrime platform to advocate for the sale of accounts. The firm is recognized for employing aggressive investigative methods to infiltrate ransomware and cybercrime operations, leading to the identification and apprehension of cybercriminals in certain cases.
A notable instance involves the infiltration of an advanced attack automation platform belonging to the FIN7 hacking group, which exploited Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks. This infiltration resulted in the proactive alerting of over eight thousand compromised organizations, potentially preventing them from falling victim to ransomware or other malicious payloads in subsequent attack phases.
Overall, Prodaft’s ‘Sell your Source’ initiative signifies a strategic approach to combat cyber threats by leveraging acquired accounts to gather intelligence and disrupt malicious operations within the cybercriminal landscape. Through their proactive stance and commitment to cybersecurity, the firm aims to contribute significantly to the protection of organizations and individuals against evolving cyber risks.