Dark web marketplace allegedly selling access to 'power plants, hospitals and airlines'

An underground dark web marketplace is selling access to the private computer networks of critical infrastructure targets – including power plants, government departments, hospitals, financial firms and airlines – in exchange for bitcoin, a form of digital currency.

That's according to little-known threat intelligence firm BlackOps Cyber, which allegedly provided The Epoch Times with "analysis, screenshots and chat logs" from an invite-only section of the website known as "CMarket", which was previously called "Babylon APT".

The Epoch Times first reported this week (27 July) that a researcher was able to gain access to the website and glean information from its "top members".

The main culprit behind the service is a state hacker who also works for the Chinese Communist Party (CCP, the security firm told the digital publication.

Based on the insider's information, The Epoch Times revealed that CMarket was the combined effort of several cybercrime groups, and also said that some work is contracted to other hackers located across Brazil and the Philippines.

Based on one leaked chat log, a CMarket vendor told the undercover researcher that he had previously sold databases linked to Nato and Germany's Ministry of Defence, while also claiming to have login information for computers used by personnel of UK's MI5 and the Royal Air Force.

Such assertions have not been independently verified.

The dark web is full of so-called "hidden services" and can only be accessed with the use of special browsing software that helps to provide an anonymous internet connection. Despite being part-funded by the US government, it is frequently used by hackers and cybercriminals.

One entry on CMarket reportedly offered access to power plant facilities and multiple critical infrastructure components, typically known as "SCADA" systems. Access was listed for a price of 3 to 5 bitcoin, which is the equivalent of between £6,309 ($8,261) and £10,515 ($13,768).

Another was reportedly advertised as access to a "vessel identification system" used by the US coast guard and designed for law enforcement to locate and trace ships.

The entry was allegedly being sold for 5 to 7 bitcoins, which translates to between £10,515 ($13,768) and £14,715 ($19,267).

Additional listings apparently include database information from a chemical company based in Egypt alongside vulnerabilities within the computer networks of companies including United Airlines, Japan Airlines and cargo services including UPS and FedEx.

BlackOps Cyber did not immediately respond to a request for comment from IBTimes UK. A contact email address listed on the CMarket website also went unanswered.

Extraordinary claims require extraordinary evidence, something that the intelligence company has yet to provide. Chat logs and screenshots can, of course, be altered and faked. The company has a minimal social media presence, and few followers on Twitter and LinkedIn.

But it would not be the first time access to vulnerable systems was being sold on the dark web. In July 2016, Russian security giant Kaspersky Lab released a report on "XDedic", a hidden service promising access to roughly 70,000 compromised web servers in more than 150 countries.

"From government networks to corporations, from web servers to databases, xDedic provides a marketplace for buyers to find anything," Kaspersky Lab said in a blog post at the time.

Police around the world recently launched a joint crackdown on two of the biggest underground marketplaces on the dark web, AlphaBay and Hansa. Before the notorious domains were seized, the platforms facilitated the sale of class-A drugs, weapons and hacked databases.

If you have any information about CMarket or Babylon APT please contact the author via: j.murdock[at]ibtimes.co.uk