Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for April 13th, 2017

Black Edge on the Darknet?


Black Edge

I was trawling the darknet as you all know I like to do and came across a site I had seen once before and bookmarked but never got back to. The site http://b34xhb2kjf3nbuyk.onion “The Stock Insiders” is a PHP site that claims to be an insider trading site seeking users who will provide insider information for the collective to profit from. Now I will admit that I have been watching Billions and I am also reading “Black Edge” so this site finally struck a chord with me and I decided to mirror it and take a look inside. The following post is the sum total of what I found and some thoughts on the idea in the first place. …I am sure you all will be amused.

The Idea:

Right, well the darknet is supposed to be super secret and encrypted if you believe all of the reporters out there who cover it with conspiratorially raised brows. It only stands to reason that some enterprising joker would go and set up a site like this to trade in illegal insider information yes? Well obviously yes because here it is! As you can see from the screenshot above they are making no bones about it, they want to have players here who can provide solid insider information so as to make trades illegally and make oodles of money! Of course there are problems with that idea and I will be going into those here. Sure they make caveats about the legalities but they also claim that the server is not physically in the US and the whole server is “encrypted” which, ugh, come on people! Crypto is only as good as the system being shut down and the type of crypto being used.

….But I digress…

Now let’s talk about the intricacies of insider information and its use. You see, it is not that easy to obtain good insider information in the first place and secondly, using it has to be carried out carefully so as to not tip the SEC and other investigative bodies to your use of it to profit right? So trying to open source this on the darknet is kinda scary in more than a few ways to my mind. I mean, who are these people? How do you vet them and the information they are passing? How do you know you are not being baited by a Fed or some moron in the first place? Then, how do you make the trades and profit without a trail and maybe even the potential for being ratted out if things go badly? I just keep coming up with all these scenarios where things go poorly from this idea. Personally, the notion of this site is half baked in my mind but hey, this could just be a honeytrap right?

Alright, let’s assume it is legit, how do you really go about this? Well, you start off by getting members and then testing them by asking for legit insider info to trade on so they will be allowed in as “full members” ya know, like becoming a made man ehhhhh? Ok, so say I am “jpompo6” (oh yeah wait till you get to the bottom of this here post!) and I want in. I have to create an account, then go through the vetting process by passing data to the “root” account (yes, I did say root!! wink wink nudge nudge!) on a sweet sweet insider stock tip and hope upon hope that I am accepted into the inner sanctum. One of two outcomes will happen:

  1. I wait, and I wait, and nothing happens.
  2. I hear back that I am a made man and HOO HA! I can then get into the inner sanctum and start reading all the juicy posts and making trades on them! WIN!

Unfortunately I had no real insider info to pass and, well, I am not an idiot so I did not go further than setting up a dummy account on this site. Instead I started looking at the site itself and gathering whatever intelligence I could to do a little OSINT on the users that I could see.

…And boy did I see things-n-stuff.

Membership Rules:

Anywho, the community has rules and those rules are listed below. I do sincerely love the first rule of INSIDER TRADING CLUB which is YOU MUST BE AN HONEST GENTLEMAN! Now that is some deep derp there kids. You are telling me that you want honest gents in this here illegal enterprise of insider trading informatics on the darknets? NO. WAY. The other rules pretty much follow the rules of Fight Club, don’t talk about Fight Club, don’t fuck with Fight Club, yadda yadda yadda. The more I read the rules the more cognitive dissonance I have about the whole thing really. I do like the whole you have to keep reporting in new leads every 90 days in accordance with the SEC practice of 10-Q reporting hahaha.

Say, is there a profit sharing plan here? How are the health benefits? Do I get a 401K here? Honestly, this whole model is good when you are in the real world and you are face to face with people you have developed a rapport with, not some shmuck who may be a Fed on the darknet kids. In reading the Black Edge book you can see how much of the intelligence is gathered on companies, usually you have paid sources or sources you do favors for quid pro quo and there is an understanding that if you fuck me you fuck yourself. The whole idea that I am just gonna take some inside info from the darknet and apply it to large trades on the market is a bit much for me to believe. Now maybe if you wanted to communicate data like this with known and trusted people in the darknet using encrypted comms maybe I would buy that, but this site just seems to me to be either a honeytrap or a scam looking for suckers to put their legit inside info out there for a quick pump and dump.

But that’s just me…

OPSEC FAIL:

So yeah, you have this site out there and you promise all the super secret DARKNET black magic. You tell people that the data is secure and then you say “But.. You have to be careful” everyone is gonna take that to heart right? Well, almost everyone… Ok some people… Ok ok ok maybe one person. In the case of this site there was a “props” page that I found that listed users who they wanted to thank. For the most part the user names were innocuous enough to not go anywhere with an OSINT search regimen. However, there was one guy who seemed to not comprehend the idea of OPSEC.

The user JPOMPO6 who is listed in the thanks page seems to really not get the whole idea of not re-using online handles. This guy seems to have used his handle for everything online on this site and “root” likes him enough to give ’em props. A simple Google search for the ID drops a ton of hits that suggest this guy might be Joe Pompo, a CPA from upstate New York. Now given that the handle is exactly the same as the Twitter handle he uses and furthermore that he is a CPA, well, I kinda think this is our man but I have to say for the record and for all you lawyers out there: (I Googled some shit and this MAY BE the guy, I am not saying IT IS THE GUY but JEEBUS it really does kinda all fit) so please, don’t sue me because I made a logical leap.

That this character under the handle jpompo6 is on this site does not in fact mean that they have traded insider information at all. In fact, I cannot see any postings by this user so it is not for me to say. All I can say is that a user exists on the site with the same handle as a Twitter user named Joe Pompo, and, well, there you have it… If this is the same guy then oops, your OPSEC sucks and the site’s admonishments were lost on you. One wonders what other OPSEC fails there must be inside the site, ya know, like using your corporate email or your one personal email as the contact for this site.

Oh my…..
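The handle-reuse pivot described above, as an added example that is not part of the original post and not any tool the author or the site used: pull the handles off a “props” page, throw away the ones that are too generic to pivot on (root, admin, bob…), and compare what is left against whatever a clearnet username search returned, normalizing case and separators so a handle like “D4rkW0lf-99” still matches “d4rkw0lf_99”. Every handle and profile record below is constructed for the example, including the site names and the second handle; jpompo6 is the only one the post itself mentions, and the “profiles” list is a made-up stand-in for search results, not real lookups.

```python
"""Rank scraped handles by OSINT pivot value and correlate them against
a constructed set of clearnet profiles.

All data below is constructed for this example. It is not output from the
darknet site, a search engine, or any username-check service.
"""
import re

# Constructed: what a scrape of a "props"/thanks page might yield.
PROPS_HANDLES = [
    "root", "admin", "trader", "bob", "jpompo6", "x_x_x", "d4rkw0lf_99", "jpompo6",
]

# Constructed: stand-in for results of a clearnet username search.
# The site names and the second handle are placeholders, not real accounts.
CLEARNET_PROFILES = [
    {"site": "twitter", "handle": "jpompo6"},
    {"site": "forum", "handle": "D4rkW0lf-99"},
    {"site": "twitter", "handle": "bob"},
]

# Role/generic handles that thousands of people use; a hit on these proves nothing.
GENERIC_HANDLES = {
    "root", "admin", "administrator", "user", "guest", "trader",
    "anon", "anonymous", "test", "info", "support",
}


def normalize(handle: str) -> str:
    """Case-fold and strip separators so 'D4rkW0lf-99' and 'd4rkw0lf_99' compare equal."""
    return re.sub(r"[^a-z0-9]", "", handle.lower())


def is_pivotable(handle: str) -> bool:
    """Heuristic: a handle is worth pivoting on when it is not a generic role
    name and is distinctive enough (letters+digits, or long) to plausibly
    belong to one person across sites. Assumption, not a hard rule."""
    h = normalize(handle)
    if not h or h in GENERIC_HANDLES or len(h) < 5:
        return False
    mixed = any(c.isdigit() for c in h) and any(c.isalpha() for c in h)
    return mixed or len(h) >= 8


def pivot_candidates(handles):
    """Deduplicate (by normalized form) and keep only handles worth searching for."""
    seen = {}
    for h in handles:
        n = normalize(h)
        if is_pivotable(h) and n not in seen:
            seen[n] = h
    return sorted(seen.values())


def correlate(handles, profiles):
    """Match pivotable handles against profile records.
    'exact' means byte-for-byte equal, 'normalized' means equal after
    case-folding and stripping separators (weaker evidence; verify by hand)."""
    matches = []
    for h in pivot_candidates(handles):
        for p in profiles:
            if p["handle"] == h:
                kind = "exact"
            elif normalize(p["handle"]) == normalize(h):
                kind = "normalized"
            else:
                continue
            matches.append(
                {"handle": h, "site": p["site"], "profile": p["handle"], "match": kind}
            )
    return matches


if __name__ == "__main__":
    for m in correlate(PROPS_HANDLES, CLEARNET_PROFILES):
        print(f'{m["handle"]:>14} -> {m["site"]}:{m["profile"]} ({m["match"]})')
```

Note that “bob” has a clearnet hit in the constructed data and is deliberately not reported: a three-letter handle matching somewhere is noise, which is exactly why most names on the props page went nowhere. A normalized match is a lead to check by hand, not an identification; the post’s own caveat about the logical leap applies just as much to a script.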

Programming and Administration:

As if the OPSEC thing wasn’t bad enough, when the site was looked at from a security perspective things went from bad to worse. The site is leaking information, it was set up poorly and likely can be hacked if it hasn’t been already. The mere fact that the root account is the one making all the posts here is scary as far as administering PHP sites goes. However, when looking at the directory tree there was a lot left open. With all this hanging out I kinda really have my doubts about the security of the site don’t you? I personally would run away, change my name, and burn everything with my old name on it if I had traded anything of any import on this site kids.

So what have we learned today? Well, we learned that insider trading is best left to professionals and done in secret places other than the darknet I think. While the idea of insider trading is appealing to some, it is really going to fuck only you in the end when the feds come for you. Honestly, I think a better alternative is to just do OSINT and find data that has been accidentally leaked by companies and then make your trades, and as I understand it that is kinda grey area right? I mean no one told you the info, you did not pay for it, you happened upon it right? In the present day state of the internet there is so much information that is out there on mis-configured servers and the like that you could likely use that to day trade your way to riches right?

End of the day, stay away from these scam sites in the darknet kids… Unless federal prison appeals or being totally taken by fraudsters.

K.

PS.. Props to @chkefa for the heads up on jpompo6!

Written by Krypt3ia

2017/04/13 at 19:50

Posted in BlackEdge, DARKNET