We are all familiar with “job hunting.” We look for high pay, PTO, good insurance, and work-life balance. It can be a daunting task with the interview process and waiting on a phone call for your start date. We know what looking for a job looks like in the business world, but what does job hunting look like on the dark web? You would think that threat actors have to go through the same process as we do to get a job.
In this article, we will walk through the job-hunting process on the dark web and the details behind the cloud of mystery surrounding the dark résumé.
Looking for a job on the dark web can be very interesting, to say the least. There are scammers, fake ads, and some would say entrapment postings from governments around the world. In order to find a job on the dark web, you first need to know where to look. There are many dark web forums where people post about jobs or ask for help with a potential data breach.
For this article, I am posing as an individual who is looking for work in any area. I wanted to keep my options open and have a conversation with cybercriminals about their world. I responded to two posts, and we will walk through what the details are. The first one is a posting from a person who is hiring someone who can hack a website and download data, and the other is hiring technical staff with high salaries.
Since I am a member of various dark web forums, I searched the forum for people needing help. The search led me to a posting about someone needing a hacker to hack a website and download some data. It sounded simple enough, and I was curious about the details of the job. The job posting stated that if you did the job well, “a long-term cooperative relationship can be established.” Who could resist a sales pitch like that?
The details in the posting said, if interested, please contact via Telegram. I wanted to keep the conversation simple to understand how cybercriminals get hired for jobs. I reached out to the owner and asked about the job details. The owner was called “JOker” and they had a website that they wanted me to hack.
They had specifics about what the website had to be built with and what they needed to complete the job. After discussing the brief job details, I inquired about what someone would get paid if they wanted the job. The owner replied that they would pay 10K for the work and potentially another 10K for another website they wanted.
I went further and asked how the money would be paid if I accepted the job. I thought it would be some form of Bitcoin to keep the transaction anonymous. The owner stated that they would pay me in USDT. USDT is the symbol for Tether, a cryptocurrency that's a stablecoin pegged to the US dollar. It was something new that I had not heard of before, and I thought most transactions were done with Monero Bitcoin because Monero transactions are confidential and untraceable.
After all the specifics were discussed, the owner stated there was a clause that would guarantee payment. If you compromised the website as instructed, you needed to record a video and display the database contents. If you agreed to the specifics of the job, they would send you the websites they needed to compromise.
After the first job posting, I thought I would look at another posting to see if I could gather more details about the criminal underbelly. I saw an ad about hiring technical staff with high salaries. I was curious about the job and wanted to know the details and how much a “High salary” really was.
I reached out to the owner on Telegram… are you noticing a trend yet? I greeted the owner and asked about the details of the job. The owner’s name was “Dextr0s,” and they were full of information. I asked the owner about the job details and what was needed. To my surprise, the first thing the owner did was ask me if they could explain the cooperation model. I of course said yes because it was going to give me more insights.
The cooperation model was the following: The owner would supply me with a list of targets and the data information requirements. If I was successful, the company would purchase 10K - ($150) of data for testing and continue to use me. If I was unsuccessful, the company would have me test again until I was successful.
There was even a “Supplementary Agreement.” The owner would ask me to submit a total of ten lines as verification, and they would purchase and test the data. I was actually surprised by the detail the owner was willing to talk about. They further explained that the difficulty of the job, and in general, was breaking past a firewall a company may have. I asked if this method had worked in the past. The owner replied that as long as the data contained what the cybercriminals needed, you would make money.
I wanted to know if this owner was affiliated with other criminal groups such as LockBit or maybe someone else. The owner said no and if I wanted to get started, they would send me the targets. If I was successful at the job, they would continue to use my services.
There is always a shroud of mystery surrounding the dark web underbelly and how cybercriminals pick their targets, and even more around how cybercriminals job hunt on the dark web. There can be a vetting process sometimes and even an interview if you are selected for the job. Most of the time, it is a free-for-all with some sort of proof at the end of the job and a dark web forum owner’s promise. There are no conversations on PTO, sick time, or 401K. Just the next job and how much money the owner is willing to pay.
Always remember that the dark web might seem glamorous with the high price tag of reward, but there isn’t a rainbow at the end of the day for someone who is looking for work on the dark web. It is met with a pot of gold surrounded by leprechauns… who are there to arrest you. Is that what you want? To go to leprechaun prison? I didn’t think you would.