
Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' where the company purchases verified and aged accounts on hacking forums to spy on cybercriminals.
The goal is to use these accounts to infiltrate cybercrime spaces and communities, collecting valuable intelligence that could lead to the exposure of malicious operations and platforms.
"As a threat intelligence company, we specialize in obtaining visibility into the infrastructures of cybercriminals, searching for patterns, tactics, techniques, and procedures that help us understand adversarial networks and detect and mitigate potential cyberattacks," explains Prodaft.
"As these activities are routinely associated with places such as the deep and dark web, underground forums, or illicit marketplaces, we want to ensure our coverage does not hit any limitations."
"That is why we decided we want to buy specific forum accounts that allow us to enter these networks and see what has been going on in the adversarial waters."
Prodaft is currently interested in buying accounts for the XSS, Exploit.in, RAMP4U, Verified, and Breachforums cybercrime forums, and offers to pay extra for accounts with moderator or administrator privileges.
However, the firm will only accept accounts created before December 2022 and which have not engaged in cybercrime or unethical activities in the past, so some due diligence takes place. Furthermore, if the account is on the FBI's or other law enforcement's most wanted list, it will not be purchased.
Prodaft says the transfer process is anonymous, and while it says it will report account purchases to law enforcement authorities, it promises not to disclose sensitive information.
Sellers can reach out to Prodaft anonymously via TOX or email and share the details for the account reviewing process to get started.
Once the account has been approved for purchase, the firm will make an offer to the seller. Payment methods include Bitcoin, Monero, and any other cryptocurrency the seller prefers.
When asked how much Prodaft is offering for accounts, the company told BleepingComputer it depends on numerous factors.
"Also the price depends on many factors, every account will get analysed and given a special quote. Currently we're interested in specific sites but it may change in the future," Prodaft told BleepingComputer.
Prodaft also advertised its new program directly on hacking forums, using an old account on the Russian-speaking XSS cybercrime forum to promote the buying of accounts.
Prodaft is known for its aggressive investigation methods used to infiltrate ransomware and cybercrime operations in the past, in some cases leading to the identification and arrest of cybercriminals.
One notable case is the infiltration of a sophisticated attack automation platform belonging to the FIN7 hacking group that leveraged Microsoft Exchange and SQL injection flaws to breach corporate networks.
This infiltration led to identifying and proactively alerting over eight thousand compromised organizations, which could have been attacked by ransomware or other payloads at subsequent attack stages.
Comments
Mahhn - 8 months ago
Nice!
deltasierra - 8 months ago
I had just assumed that most major cybersecurity vendors were doing this -- the CrowdStrikes and Sentinel Ones of the world. If anything, that's poor OpSec when any one of these companies is detailing their intel gathering secrets, though I suppose there's a positive marketing aspect to it on the other hand.
d0x360 - 8 months ago
It's terrible opsec, you nailed it. They are already operating in always suspicious mode.. without companies trying to buy accounts.
Chances are they will get sold a bunch of alts
d0x360 - 8 months ago
This is not the way.. should have done it privately, on the DL.