Darknet Seeks Web Developers and Pentesters

Experts from Kaspersky Lab have published the results of an intriguing study on darknet job postings. Analysts examined vacancies on 155 Russian- and English-language forums, collecting and analyzing over 800 job ads related to job searches and offers. The findings revealed that the most in-demand professionals on the black labor market are web developers and attack specialists, also known as pentesters.

“Various job openings are actively posted on the darknet, including offers to participate in cyberattacks. The main motivation for job seekers on these platforms is the expectation of easy money and significant financial gain. However, it’s important to understand that many of these ads are scams, and there are no guarantees that the ‘employer’ will keep their promises. Moreover, collaborating with cybercriminals carries serious risks, including legal consequences,” says Polina Bochkaryova, an expert at Kaspersky Threat Intelligence.

Coordination Schemes Among Attack Teams

The study found that there were significantly fewer messages from potential candidates than there were job postings: only 17% of the posts were resumes. This is likely because job seekers are more inclined to respond to published vacancies than to post information about themselves.

The highest number of job ads was published in March 2020, likely due to the onset of the COVID-19 pandemic and subsequent changes in the job market.

Who’s Hiring and for What Roles?

The main “employers” on the darknet are hacker teams and APT (Advanced Persistent Threat) groups. They look for people capable of developing malicious code, distributing it, creating and maintaining IT infrastructure, and more.

As previously mentioned, developers are the most sought-after specialists (61% of all ads), and they also top the list for highest pay. The most in-demand programming specialization is web development, accounting for 60% of all programmer job ads. In the illegal sphere, these professionals often create phishing pages, shadow forums, marketplaces, and admin panels for MaaS (Malware-as-a-Service) threats. There is also high demand for malware writers, whose tasks include creating trojans, ransomware, stealers, backdoors, botnets, and developing or modifying attack tools.

Pentesters and Other In-Demand Roles

Pentesters, or attack specialists, are the second most sought-after group, making up 17% of all vacancies. Most of these jobs involve compromising organizational infrastructure (network attacks) for purposes such as ransomware infection, data theft, or stealing money from accounts. Attackers are also hired to hack web and mobile applications.

Surprisingly, designers rank third, accounting for 10% of all vacancies. Alongside web developers, designers help create phishing pages, scam emails, and fake websites, making them indistinguishable from legitimate ones. There is also demand for UI/UX and graphic designers.

Additionally, several dozen vacancies (6% of the total) were for administrators, with more than half seeking system administrators. DevOps, web, and NOC administrators are less commonly hired. These roles involve setting up and maintaining attacker infrastructure and managing compromised victim networks. Tasks may include server maintenance, panel installation, hosting purchases, and proxy server creation.

Finally, reverse engineers are the least in demand, making up just 4% of vacancies. However, they command the highest median salaries. Their responsibilities include finding and exploiting unknown vulnerabilities in hardware or software, analyzing security solutions, and tracking security updates to find ways to bypass them. Researchers believe the low number of reverse engineering vacancies is because developers often combine this skill with their main job.

Recruitment Methods and Working Conditions

Interestingly, the methods for selecting IT specialists on the darknet are very similar to those used by legitimate companies. Employers are just as interested in highly qualified candidates and often mention test assignments (sometimes paid), interviews, probation periods, and other selection schemes in their ads.

Darknet employers also try to attract candidates by offering favorable working conditions. The most commonly mentioned benefits are remote work (45%), full-time employment (34%), and flexible schedules (33%). However, remote work is more of a necessity than a perk, as anonymity is crucial among cybercriminals. Other benefits sometimes include paid vacations, sick leave, and even a friendly team environment.

Salaries in the Darknet IT Market

The highest salary observed by experts in darknet job ads was $20,000 per month. Median salaries offered to IT specialists ranged from $1,300 to $4,000, with the highest median salary ($4,000) offered in ads seeking reverse engineering specialists.

Source

Onion Market — a free P2P exchange on Telegram. They offer XMR, BTC, and USDT.TRC20.