Any information presented in this article is for educational/documentation purposes ONLY.
War profiteering is, was, and shall remain a (rightfully) complicated topic.
On one hand, morality dictates that any conflict should be resolved quickly, with little to no loss of human life or infrastructure, and receiving payment for anything that might assist in doing so could be considered immoral.
On the other hand, protecting human life and infrastructure on the modern battlefield is expensive, time-consuming, and generally difficult to do. Those who choose to assist in those important tasks should therefore be compensated, and compensation is indeed profit.
This subject isn't anything new. Ever since the Neanderthals made crude knives and spears, status has been dictated not by physical size but by lethality. We can see this today between Russia and Ukraine, India and Pakistan, and even Israel and Iran.
As mankind's lethality grew, so did the fruits reaped by those who chose to invest in it.
As interesting as Neanderthals and the history of war profiteering are, we are here to talk about threat intelligence.
I’ve built and maintained a personal stream of intelligence sources spanning both clear and dark web forums and marketplaces, dating back nearly two years to when I first entered the field. As part of a recent independent research effort into behavioral trends and pricing patterns across these intelligence markets, I came across an unusual post in one of my more active sources, one that stood out not just for its content... Can you guess which one of the ones below it is?
No, it's not the one selling vending machine source codes.
Right at the bottom, under a thread made by an Islamic extremist threat actor, there it is.
"Database for Israel people, sold for good price." And it wasn't the only one.
Between vigilante justice and "free of charge" leaks, there exists a group of people, possibly uncaring and nonchalant about the morals, history, and general animosity between the two sides of this conflict, who see it as a financial opportunity.
Identifying the listing wasn’t a matter of passive reconnaissance. It was the result of ongoing monitoring over several months, user behavior profiling, and cross-referencing this post against patterns seen in other conflict-related listings. The anomaly wasn’t just in the content; it was in the context, timing, and motivation behind it.
Before we dive deeper, it's important to differentiate between defense contractors, who legally assist legitimate militaries in conflicts and in peacetime, and these hackers and resellers, who actively break the law in favor of terrorist organizations. It is equally important to differentiate between ideologically motivated threat actors and these financially motivated threat actors.
The first is an obvious differentiation, but the second is a lot more nuanced.
During the Russia-Ukraine war, hackers and sellers on the dark web hopped on the "hype train", marketing data, military documents, and confidential files as much as they could. Both sides waged cyber-warfare against one another, at both the nation-state and the gray-hat, ideological levels, but "profiteering" was prevalent.
However, the October 7th massacre and the now freshly over Iron Swords war drew a much larger wave of hacktivist attacks, as opposed to the bustling marketplace seen in other places, mainly due to the higher relative number of pro-Palestinian-aligned hacker groups.
This just goes to show that even in a field dominated by hacktivist activity, in true internet fashion... Someone is going to try and sell us something.
Until next time, remember, folks:
Fear No Evil.