Tuesday, January 31, 2023

Fired from your IT/Security job? Come to the dark web! We have cookies.

Your boss just asked you for a meeting. You walk into his office and realize HR is sitting there too; this is The Meeting. The company you have been working at needs to improve its quarter earnings, and you have just joined the thousands of unemployed IT and Security/Privacy professionals. I personally know people in that group. What to do? You have to find something else and quick: you have bills to pay and need to put food on your family's table. You will look anywhere for a job.

What about the dark web?

You would not be the first or the last. The truth is APT groups also need staff like any other business. The image of the lone hacker with no social skills and skin problems sitting on a dark room wearing a hoodie while being illumintated only by the glow of the laptop screen belongs to Hollyweird. ChatGPT notwithstanding, good malware does not write itself. Someone needs to be by the phone on the better phishing campaigns. Large scale attacks need monitoring, and attack servers do need to be patched. According to Kapersky, developers are in high demand in the dark web, and that has been the trend since COVID lockdowns:

Distribution of dark web job ads across specializations. source: http://kaspersky.com/

How safe are such jobs? Like everyone else, it depends. Some are scams, others are worse than that (think being kidnapped in the middle of the night either by your new employees or the FBI/NSA/Girl Scouts). After all, many of these jobs are sketchy at best; they legality depends on which nation is sponsoring the operation and which on the receiving end. But, there are organizations who treat this as a business, so they have a vested interested in having happy and productive employees who are eager to improve their software and services to levels they never thought possible. Some developers adn attack specialists are being offered $20K a month for their services; that is FAANG salary right there.

What about the company that fired you? Maybe after passing bonuses around for cuting costs, they bought the amazing cybersecurity software I mentioned in an earlier post to replace their staff. What could possibly go wrong?