Cybercrime comes with high-risk high-rewards, and given the increasing number of targets — people and organisations — using the internet, its dark underbelly is booming too. Like any other organisation, cybercrime groups also need to hire developers and pen-testers to continue to grow and get bigger paydays. But contrary to popular belief, it seems the financial reward of joining the dark side isn’t as high, with some of the highest monthly salary figures around $20,000 for developers.
The primary employers on the dark web are APT groups or smaller cybercrime groups looking for those who can assist or completely develop malware and help spread and maintain the code. Cybersecurity firm Kaspersky analysed job listings on 155 dark web forums between January 2020 and June 2022. These forums see a high volume of ads for “selling and buying stolen data, offers to code malware and hack websites”, and participate in “attacks on companies”.
On average, developers got the most lucrative deals topping at around $20,000 per month; however, the median developer pay was around $2000. The median pay for IT professionals ranges from $1300 to $4000 — reverse engineer job ads saw the highest median salary of $4000.
Too much risk for too few benefits?
The job postings included perks such as remote working, full-time employment, flexible schedule, fixed salaries, paid vacation and sick leave. Some even mentioned “exciting challenges” and “career prospects” among the perks offered as well as commissions from successful ransomware campaigns.
|Dark Web job||Median monthly salary|
The researchers also found some dubious ad posts that described the job as “legal” and offered $100,000 per month ($1.2 million annually) for pen-testing candidates. Some job postings also required the candidate to finish a job — such as hacking a website or creating a phishing page — to get paid. Other examples of flexible pay included a monthly salary, and a percentage of the profits from ransom or selling compromised data, among other ways of monetisation. All these payments are usually made through cryptocurrency.
While these might not seem bad to anyone unemployed or freshly out of college looking for a quick payday, not only do these jobs invite prosecution from law enforcement, but they also do not come with a guarantee of payment. Also, the lowest job offer was for $200.
Out of the roughly 200,000 job ads analysed, employers mainly looked for developers (61%) and pen-testers (16%). However, dark web jobs aren’t limited to those who can write malware and attack; 10% were looking for designers, 6% for administrators, 4% for reverse engineers, 2% for analysts and 1% for testers.
The researchers also noted that 41% of these ads were posted in 2020, with the most postings in March 2020 — around the time the pandemic hit — likely caused by the increased potential for attacks due to the change in the work scenario with most companies and people working remotely.
These ads weren’t only posted by employers but also by job seekers who were likely hit by layoffs and were looking for any avenue of employment — everything from moderating Telegram channels to ransomware attacks.
“Salaries offered on the dark web are seldom significantly higher than those you can earn legally. Nevertheless, unhappy with their pay, a substantial percentage of employees in the legitimate economy quit their jobs to find similar employment on the dark web market. Changes on the market, layoffs, and pay cuts, too, often prompt them to look for a job on cybercrime websites,” Kaspersky researchers noted. “Other factors are a lack of certain candidate requirements, such as a higher education, military service record, absence of prior convictions, and so on.”
While some of these job offers sure look lucrative and an easy way to make a buck, they surely come with too much baggage to be seen as a long-term replacement for a regular job, especially considering that even someone employed with an APT group will have to look over their shoulders all the time due to constant threat from law enforcement who’ve become more active as these attacks are getting more frequent.
In the News: Meta fixes 2FA bug on Facebook and Instagram