Swiss cybersecurity firm Prodaft has launched the ‘Sell your Source’ initiative to gather intelligence on malicious activities and infiltrate cybercrime spaces by purchasing verified and aged accounts on hacking forums.
Prodaft is using these accounts to collect valuable intelligence that could lead to the exposure of malicious operations and platforms. “As a threat intelligence company, we specialize in obtaining visibility into the infrastructures of cybercriminals, searching for patterns, tactics, techniques, and procedures that help us understand adversarial networks and detect and mitigate potential cyberattacks,” Prodaft explains. The firm aims to ensure its coverage does not hit any limitations by gaining access to underground forums and illicit marketplaces.
The company is currently interested in buying accounts from the XSS, Exploit.in, RAMP4U, Verified, and Breachforums cybercrime forums. It is willing to pay extra for accounts with moderator or administrator privileges. However, Prodaft will only accept accounts created before December 2022 and those that have not engaged in cybercrime or unethical activities in the past. The firm also states that it will not purchase accounts on the FBI’s or other law enforcement’s most wanted lists.
Prodaft says the transfer process is anonymous and, while it will report account purchases to law enforcement authorities, it promises not to disclose sensitive information. Sellers can contact Prodaft anonymously via TOX or email to initiate the account review process. Once the account is approved for purchase, Prodaft will make an offer. Payment methods include Bitcoin, Monero, and other preferred cryptocurrencies. The pricing depends on various factors and is determined after a thorough analysis of the account.
Prodaft has advertised its new program directly on hacking forums, using an old account on the Russian-speaking XSS cybercrime forum to promote the buying of accounts. The firm is known for its aggressive investigation methods, which have been used to infiltrate ransomware and cybercrime operations in the past, sometimes leading to the identification and arrest of cybercriminals.
In one notable case, Prodaft infiltrated a sophisticated attack automation platform belonging to the FIN7 hacking group, which leveraged Microsoft Exchange and SQL injection flaws to breach corporate networks. As a result, Prodaft identified and proactively alerted over eight thousand compromised organizations, potentially preventing subsequent ransomware attacks or the deployment of other payloads.




