A local cybersecurity expert is raising the alarm over what he says appears to be a significant increase in government data being offered for sale online.
Kurtis Minder, CEO of cybersecurity firm GroupSense, said he has noticed a recent increase in offers to sell classified government data, as well as access to government systems.
“We’ve just seen an increase in volume of either initial access to government networks, government systems, and/or selling, trading, dumping classified information and data,” Minder said. “It seems to have increased in volume lately to the point where I raised the issue and have been trying to get people to pay attention to that.”
Minder said that this current uptick in activity could be related to recent breach problems with the DOGE work or other government leaks, but he can’t be certain, adding that the connection in timing is circumstantial.
Minder said there are black markets online operating on the “dark web” for this type of data and system access that work similar to normal online stores. Sellers will have customer ratings to ensure buyers get what is promised. There are also moderators, Minder said, that may ask for some proof that what they are selling is the real deal.
Minder’s company operates in these dark web areas to see what companies may be vulnerable and what data is being made available for sale.
“We run, I think the analysts like to call it a digital risk protection business, but it’s basically a cyber espionage company where we sort of infiltrate underground channels and marketplaces and then we monitor that activity for our clients,” Minder said.
GroupSense’s clients are typically large commercial companies, Minder said, but also some in the public sector. He said, while he hasn’t been closely monitoring the amount of government data for sale, there was enough of an increase that it caught his attention.
“I haven’t gone through and counted them up,” Minder said. “I would say it’s several times the normal volume. It comes in waves. You might have a few days where you don’t see seemingly anything government related, then you’ll see a bunch at once.”
One area in particular he said he has seen an increase is from what are called “initial access brokers.” These are people who sell illicit access to computer systems online.
“An initial access broker is a bad guy or a hacker who breaks into someone’s system or network and then goes on one of these marketplaces and sells that access to other bad guys,” Minder said.
Minder said defense-related data and access, as well as defense contractors, have been areas that he said he has seen an increase.
While the increase has been noticeable, the cause is not yet known. He said it could be poor cybersecurity practices like using personal devices for government work. There have been media reports of government employees recently utilizing personal devices and commercial apps for sensitive communication, like the reported group chat about a military strike in Yemen that included a reporter from The Atlantic in March.
“My only thought is anytime you’re kind of sidestepping protocols there’s the risk of this kind of thing happening,” Minder said. “So it may be a coincidence, but maybe not.”
There are ways for the government to investigate and fix areas where bad actors had gained access to its systems, Minder said. However, data releases are harder to fix.
Minder said he advises everyone to do what they can to protect their data online. Even breeches of small businesses can help bad actors gain access to larger systems.
“One of my soapboxes, if you will, has been that we’re all connected, so everybody should be doing their part from a cyber hygiene perspective,” Minder said.
