The wages of sin aren't that great if you're a developer choosing the dark side

Malware developers and penetration testers are in high demand across dark web job posting sites, with a few astonishing - but mostly average - wages.

This, according to a two-year analysis by Russian security house Kaspersky of 227,000 job listings on 155 forums collected between 2020 and 2022. The report found that many ads mirror the style of legitimate IT job postings but with a couple big exceptions: all the work is remote by default, and - for obvious reasons - there are no formal employment contracts for these illegal gigs.

So if you were to get a job as a ransomware developer, don't be too surprised if your employer stiffs you after you've helped extort millions of dollars from a hospital or public school district. In addition to possibly not getting paid, there are other risks associated with cybercrime jobs such as prosecution and imprisonment, which are hardly perks. 

And back to that requirement that Kaspersky notes is "peculiar" to many employment listings: the absence of substance abuse issues, with one example asking for "teamwork skills, stable connection, no alcohol or drug addictions."

Despite the common expectation that miscreants can make a lot more money using their hacking skills for evil, rather than good, Kaspersky noted that "we did not detect a significant difference between the median levels of IT professionals' compensation in the cybercriminal ecosystem and the legitimate job market."

Crime doesn't pay that well

Developers were the most sought-after candidates on dark web forums and accounted for 61 percent of total ads. "This could suggest that the complexity of cyberattacks is growing," according to the analysis. "The higher demand for developers could be explained by a need to create and configure new, more complex tools."

For comparison: attackers/penetration testers came in second with 16 percent and designers ranked third with 10 percent.

The compensation for these jobs also reflected the in-demand coding capabilities. The highest paid monthly salary that Kaspersky saw in the ads was $20,000 per month, paid to a developer. The median monthly salary for developers, however, came in at $2,000 per month, compared to attackers ($2,500), reverse engineers ($4,000), analysts ($1,750), IT admins and testers ($1,500) and designers ($1,300).

There's also the potential for performance-related bonuses, Kaspersky researchers found: "For example, a pentester could be promised a monthly salary of $10,000 along with a percentage of the profits received from selling access to a compromised organization's infrastructure or confidential data, extortion, and other ways of monetizing the hack."

• Tech job bloodbath comes to IBM, CFO links layoffs to Kyndryl, Watson Health
• Uncle Sam slaps $10m bounty on Hive while Russia ban-hammers FBI, CIA
• Analysis of leaked Conti files blows lid off ransomware gang
• Weep for the cybercriminals who fell for online scams and lost $2.5m last year

And similar to legitimate, legal-IT professional hiring processes: dark-web job listings often mention paid test assignments, interviews, and probation periods, as well as incentives such as paid vacation and sick days, pay raises and opportunities for growth, and flexible hours. Some ads even touted more nebulous job benefits such as a close-knit team (8 percent of ads) and exciting challenges (7 percent).

The research also seems to suggest that the adage about desperate times holds true. "Many turn to the shadow market for extra income in a crisis," the report said, noting that the number of resumes posted on dark-web forums surged at the start of the COVID-19 pandemic in March 2020.

This is worrisome given the recent tech layoffs and economic downturn of late. Here's hoping that this line stands out to any newly out-of-a-job IT professionals weighing their options: "The risks associated with working for a dark web employer still outweigh the benefits." ®