Cyber workers turning to crime, warns study


Disgruntled cybersecurity workers, including code developers and AI experts, are offering their services on the dark web for extra cash. On top of that, other professions whose work may have been jeopardized by machine learning are also hiring themselves out to criminals.

What’s more, if the problem is not addressed by better salaries and working conditions, the cybersecurity industry could risk losing as many as one in ten workers to cybercrime.

ADVERTISEMENT

The stark warning comes from the Chartered Institute of Information Security (CIISec), which trawled the dark web and found some alarming advertisements put up there by seasoned cybersecurity professionals.

One by a Python developer offers to “make VoIP [voice over internet] chatbots, group chatbots, AI chatbots, hacking, and phishing frameworks and much more” for around $30 an hour. The developer signs off by posting: “Xmas is coming and my kids need new toys.”

Another developer with almost a decade’s experience offers to make “phishing pages, bank cloning, market cloning [...] crypto drainers, SMS spoofing, and email spoofing” and says they are “excited to try new projects out.”

A third offers to work hand in hand with AI, using large-language models to “help with coding, phishing, analyzing documents, and more,” with prices starting at $300.

Not just cyber pros

CIISec found that other industries entirely are also looking at turning their hands to cybercrime, for instance voice actors – whose legitimate livelihoods have reportedly been threatened in recent times by the rise of AI.

“I’m a voice actor,” reads one. “I can help with jobs that require making calls, I can act like a loan applicant to get loans secured, I can also act like an employee of a bank, phone company, etc and [...] conduct social engineering ops.”

The actor adds: “Legit voice acting work has slowed down for me, and I need to raise capital urgently. Let’s work. I have an American accent.”

ADVERTISEMENT

Another advertisement was placed by someone claiming to “work in PR for a collective of hackers with members based out of Asia, North and South America, Europe, and New Zealand.”

The so-called PR professional goes on to cite “recently carried out jobs,” including “hacking high-profile Twitter accounts to promote crypto rug pulls [...] gaining access to and deleting social media accounts (Instagram, Facebook, LinkedIn etc) [...] taking information from websites (data, client and company info, etc).”

More ominously, the same advertisement also offers to gain personal data on people, such as physical addresses, dates of birth, and phone numbers.

The ad signs off with the following disclaimer: “When dealing with requests, we will not help anyone we consider to be using our services to put anyone in danger.” Services start at $100.

A growing trend

CIISec says its newest findings appear to corroborate earlier research it conducted for 2022-2023, which found that unsatisfactory wages was the primary reason for people leaving cybersecurity, with more than one in five professionals working more than 48 hours a week and risking burnout.

“Gartner research shows that 25% of security leaders will leave the security industry by 2025 due to work-related stress – and that’s just leaders,” said Amanda Finch, CEO of CIISec. “Salaries and long hours are contributing to this, and we’re starting to see the impact. Our analysis shows that highly skilled individuals are turning to cybercrime.”

She added: “And given the number of people projected to leave the industry, many of those will be desperate enough to seek work in an area that promises large rewards for their already-existing skills and knowledge.”

The dark web research was undertaken between June and December last year by an undercover investigator and former police officer known only as Mark.

ADVERTISEMENT

In response to his own findings, he said: “These adverts might allude to current legitimate professional roles or be written in the same way as someone advertising their services on platforms like LinkedIn. In an industry that is already struggling to stop adversaries, it’s worrying to see that bright, capable people have been enticed to the criminal side.”

He added: “There is a huge breadth of skills being advertised on the dark web, many of which are transferable.”


More from Cybernews:

Meta hints security breach behind recent outage

Friends no more: OpenAI hits back at Elon Musk, cites his own emails

Google Search to tune down AI-generated and other low-quality content

Northeast Orthopedics suffers data breach​

Tech companies hinder independent AI research, open letter says

ADVERTISEMENT

Subscribe to our newsletter