Web developers, reverse engineers, analysts, and attackers — a role very similar to that of a penetration tester — are among the most sought-after IT professionals in the cybercriminal community, according to a Kaspersky Lab analysis of 155 dark web forums.
The study of 200,000 employment ads from 2020 through June 2022, which analyzed those containing information about long-term or full-time jobs, found a robust job market for those interested in creating malware and phishing pages, compromising corporate infrastructure, or hacking web and mobile applications.
The median salaries offered by these criminal groups ranged from $1,300 to $4,000 per month, with the highest monthly payouts found in ads for reverse engineers.
Ads for dark web developers accounted for 61% of all job postings, with demand for web developers leading the pack, while malware coders and mobile hackers were also found to be in high demand.
According to the report, other sought-after IT experts include support specialists, technical writers, engineers and architects, and forum moderators, as well as executives and project managers.
"The goal of our research was to investigate the darknet market and understand the processes involved in hiring new workers," explained Polina Bochkareva, security services analyst for Kaspersky. "The recruiting is usually behind the creation of new groups or expansion of existing ones, which ultimately increases the number of successfully implemented attacks on businesses."
What's Enticing IT Pros to Join the Dark Web?
Some IT professionals may be enticed by easy money or the lack of common requirements, such as higher education, military service record, or absence of prior convictions, Bochkareva said.
Or they may simply be looking for freelance or remote work, or for the perceived freedom offered by the dark web.
"Cybercriminal groups as well as employers in the legitimate job market are interested in highly skilled workers, so they are using the same selection criteria," Bochkareva added.
Job postings often mention test assignments, including paid ones, as well as interviews, resumes, portfolios, probation periods, and other selection methods.
"Darknet employers also do not forget that the employee also needs to be attracted by something that exceeds all the risks of working in the underground," she said. "Thus, they are trying to attract applicants by offering favorable terms of employment, among other things."
Among advantages, there are remote work ("obviously"), flextime, paid time off, paid sick leave, prospects of promotion, incentive plans, and even a friendly team listed in the terms of employment.
Dark Web Developers Beware: Jobs Come With Significant Risks
However, Bochkareva cautioned that potential employees can face a lot of trouble working on the dark web, noting that the absence of a legally executed employment contract relieves employers of any responsibility.
"A worker could be left unpaid, framed, or fall victim to fraudulent schemes," she said. "Moreover, the risks of cooperating with hacker groups are especially high, as deanonymization of their members is a priority for cybercrime investigation teams. The group may be exposed sooner or later, and its members could face jail time."
At this moment, Kaspersky is observing a constant and continuous demand for IT specialists from hacker teams and advanced persistent threat (APT) groups, according to Bochkareva.
"Business related to illegal activities is growing, and technologies are developing along with it," she explained. "All this leads to the fact that attacks are also developing, which requires more skilled workers."
Kaspersky predicts the underground job market will continue to evolve, along with new technologies of defense and offense, Bochkareva said.
"Hiring on the dark web will try to look even more like the recruitment processes in the legal job market, inheriting established standards for hiring new employees," she said.
About the authorNathan Eddy is a freelance writer for ITPro Today. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin.