The trade war between the United States and China has lasted for more than one year — and a resolution is nowhere in sight.World Economyread more
The Fed is expected to cut rates Wednesday, but it is unlikely to tell markets what they want to hear on future rate cuts.Market Insiderread more
Pelosi said Trump should not have tried to address China's trade practices in a way that opened Americans up to financial pain.Politicsread more
Investors await the Fed's latest decision on monetary policy, set to be released on Wednesday stateside. The U.S. central bank is widely expected to cut rates by 25 basis...Asia Marketsread more
TransferWise posted an annual net profit of £10.3 million on revenues of £179 million.Technologyread more
Live the high life with a night's stay at Highclere Castle, the iconic stately home made famous by Downton Abbey.Spendread more
Large banking institutions face the risk of failure if interest rates in Europe continue to stay negative, warns the global chief economist of the Economist Intelligence Unit.Banksread more
The fallout from two fatal crashes of Boeing 737 Max planes has ensnared the manufacturer's most-loyal customer: Southwest Airlines. The carrier has canceled thousands of...Airlinesread more
Brent crude oil jumped the most in history in the previous session after attacks on Saudi's oil industry disrupted the kingdom's production.Marketsread more
In the survey, conducted after the third in the Democratic Party's series of debate, the former vice president draws 31% compared to 25% for the Massachusetts senator. At 14%,...2020 Electionsread more
Stocks rose slightly on Tuesday, but gains were capped as the Federal Reserve kicked off a two-day monetary policy meeting.US Marketsread more
It would be hard to walk into to a major business and walk away with all its sensitive information. But sometimes that's not the case when it comes to online networks.
Q6 Cyber, a cybersecurity firm that specializes in monitoring the dark web, showed CNBC a forum post in Russian where the cybercriminal was offering access to a New York City law firm’s network and files, and was willing to send screenshots as evidence he had broken in.
The price for the access was $3,500.
That law firm was not alone, says Eli Dominitz the founder and CEO of Q6, which is based on Hollywood, Florida. Q6 has found similar information from law firms in Beverly Hills and other locations across the country for sale. They would not name any of the law firms.
“If you're a law firm that's involved in major transactions, [mergers & acquisitions] of publicly traded companies, you're going to have a lot of sensitive information, inside information before it becomes publicly available,” Dominitz said. “If I'm able to access that, I can trade around that and manipulate stocks and make a lot of money. We've seen that kind of activity by very sophisticated cybercriminals.”
The law firms are just one of the many targets of cybercriminals. There has been a 135 percent year-over-year increase in financial data, such as bank account logins and financial records, being sold on dark web, according to Intsights, a cyber-intelligence company.
“Today, banks and financial institutions have lots of partners and third parties. [There are] lots of security vulnerabilities and black holes. In many cases, a hacker can manage to take advantage of one platform,” said Itay Kozuch, Intsights' director of threat research.
None of the experts CNBC spoke to were surprised the law firms’ records were for sale.
Matt O’Neill, a supervisory special agent with the Secret Service unit that manages financial crimes said he wouldn't be at all surprised if law firms had their data stolen and sold online.
While the law firm information for sale was found on hidden websites, O’Neill says the top cybercriminals are actually becoming more brazen about advertising their wares. It comes down to getting the most customers.
“You want everybody who potentially wants to buy it to access you, and not to go through a bunch of different steps in order to even find you,” O’Neill said.
“I would say that the people operating on the dark web are on the lower tier of the hierarchical structure of bad guys,” O’Neill said.
But that lower tier is now collaborating on dark web forums and becoming more sophisticated.
“They actually have different sites in various languages in which you'd go and actually exchange ideas, and collaborate from a criminal nature,” said Robert Villanueva, an executive vice president at Q6. He spent over 20 years with the Secret Service and founded their cyber intelligence section. “There's hundreds of these websites. Thousands of users and threat actors on these websites, dedicated to one thing: cybercrime. Period.”
To the cybercriminals, borders do not matter.
“You can be a criminal in Nigeria, in Brazil, in Miami, in London. All you have to do is know where to go, find the right tools and services, and you can be up and running very quickly. It's almost plug and play,” Dominitz said.
While most cybercriminals are motivated by money, there is a sense of community on these forums with members willing to share their tips and tricks, according to Dominitz. “A lot of these forums have dedicated sections or threads and posts that are helping these newbies get in the business of cybercrime," he explaineed.
One major target they're trying to capture? Your user name and password. Dominitz showed CNBC an online marketplace where these credentials are sold.
“These are… online logins to financial institutions, ecommerce companies, retail companies,” he said.
There is a 40 percent year-over-year increase in financial institution credentials being sold on the dark web, according to Intsights.
The marketplace CNBC saw predominantly sells consumer credentials, but criminals can gain access to business user names and passwords as well.
“We've seen situations where cybercriminals are specifically advertising IT admin credentials…Those have very, very high privileges, and those accounts worth a lot of money,” Dominitz said. “A CEO is going to have a lot of sensitive information. But if you're talking about network access and systems access, it's usually the IT admin who's going to have a lot more [access] than anybody else.”
Another reason cybercriminals want credentials is to access email accounts.
“How many people keep sensitive information in their emails, in their different folders? Well, that's how they get into multiple accounts. And then, basically compromise your credit. Compromise your family security,” Villanueva said.