A new model in the sale of stolen data emerged two days ago within the Meow Leaks group’s marketplace. In addition to the partial or complete sale of documents exfiltrated during cyberattacks on the networks of its victims, a fully operational administrative panel has now been implemented and is available to anyone who registers on the cybercriminals’ blog. To better understand how this process works, SuspectFile.com decided to explore this new system by registering for the group’s service.
Screenshot and redaction by SuspectFile.com
The only way to gain a deeper understanding of how this new data sales service operates was to register. Upon logging in, an administration panel appeared, listing all victims featured on the Meow Leaks marketplace homepage. Selecting a victim’s name opens a “compact” search window, closely resembling Windows File Explorer, where all the exfiltrated file names from that victim are displayed, with the price for each data item listed in dollars beside each file. Currently, individual file purchases are not available for all victims. The administration panel also includes the “Buy” feature for one-click purchases and an “Info” option.
Screenshot and redaction by SuspectFile.com
Note: The image above refers to the administration panel of the user registered on the marketplace service. Next to the username, the available “capital” in dollars for file purchases is displayed, and as you can see, a balance of $200 is shown next to our account. It should be noted that SuspectFile.com has not transferred any funds to Meow Leaks; the amount displayed was independently loaded by the group to allow us to better understand the full capabilities of their sales service.
Screenshot and redaction by SuspectFile.com
We contacted the group via the Tox chat platform and asked them a series of questions.
SuspectFile.com: We have read about your new data sales service available to anyone who registers on your marketplace. What were the reasons behind implementing this new type of sales model?
Meow Leaks: Because many customers want to buy files individually. Why would a person buy an entire financial company if they only need TAX forms. News people buy exclusive documents for their articles. Lawyers buy competitors’ confidential data. And so on. It’s very convenient for everyone.
SuspectFile.com: After registering for the service, we started exploring the various menus within the administration panel. What caught our attention is the purchase price listed next to each individual file. It seems difficult to believe that the pricing for tens of thousands of files was set manually. How did you determine the price for each individual file, and what resources or criteria did you use?
Meow Leaks: We use our own A.I., we have been training him for a very long time. The first thing it does is examine each file and the risks associated with it, and then it evaluates it. We purposely made the price tag lower, previously each file used to cost hundreds of times more. When asked why he overprices a file, he explains that it is a very important document, and also tells us what he would do if he were an intruder.
SuspectFile.com: What gives you confidence that this new sales approach will provide a more reliable revenue stream?
Meow Leaks: It’s already happening. If it wasn’t profitable, we wouldn’t have opened the service.
SuspectFile.com: This new sales platform undoubtedly demands a significant amount of time. Are you the only one handling the data entries, or have you delegated this work to third parties?
Meow Leaks: I’ve already started hiring work staff
SuspectFile.com: It is well-known that journalists and researchers often rely on detailed information and files to create thorough reports. Many groups, sometimes in exchange for beneficial publicity, are willing to fulfill such requests. After launching this service, how do you plan to engage with journalists and researchers? Would they need to pay to obtain requested files?
Meow Leaks: I guess not, it’s free for journalists. The great thing about this service is that I have never paid for advertising.
SuspectFile.com: While browsing the administration panel and selecting exfiltrated victim data, we noticed that the set price for each individual file is relatively low. Do you think this pricing strategy is sufficient to positively impact data sales?
Meow Leaks: So far so good, we’re not going to raise the price. There’s no point in going any lower. We have the cheapest goods on the market and we are the first to do it.
SuspectFile.com: If, let’s say after five or six months, these files are not sold, what will you do with this data? Would you consider releasing it publicly for free?
Meow Leaks: That may be the case, I already have that feature. But no one said the files wouldn’t be updated. You can see for yourself how companies get hacked repeatedly
SuspectFile.com: As we understand it, Meow Leaks is not a ransomware group; it does not encrypt data after exfiltration and has no negotiation chat. Who or what exactly is Meow Leaks?
Meow Leaks: That’s right, we’re not extortion programs. But companies aren’t all fluffy bunnies either, we have company documents that divide people by race. There are companies that launder money and so on. How is Meow Leaks Market any worse than them? By showing their secrets? We’re a mega data marketplace Meow Leaks Market
SuspectFile.com will continue publishing articles, including seeking information from cybercriminal groups or their associates when necessary, if it is the only way to uncover facts related to data thefts and, more importantly, to highlight the negligence of public and private entities in failing to protect individuals’ privacy.