Cyber Correspondent
In the murky world of cybercrime, insider threats are among the most feared vulnerabilities. Unlike external hacks, they rely not on technological loopholes but on human weakness—greed, desperation, or betrayal. Few outsiders ever get a glimpse of how these approaches unfold. I did, when I became the target myself.
One evening in July, a message flashed across my encrypted Signal app. The sender, who called himself Syndicate, made a startling offer:
“If you are interested, we can offer you 15 percent of any ransom payment if you give us access to your PC.”
The proposition was unambiguous. Cybercriminals wanted to use my credentials to infiltrate BBC systems, deploy ransomware, and demand payment in cryptocurrency. In exchange, I would secretly pocket a share of the payout.
Escalating Temptation
As our conversations progressed, the offer became even bolder.
“We aren’t sure how much the BBC pays you,” the hacker wrote. “But what if you took 25 percent of the final negotiation? You wouldn’t need to work again.”
The criminals claimed to be affiliated with Medusa, a ransomware-as-a-service operation that has targeted over 300 organizations worldwide. They painted a picture of a vast underground industry where insiders, bribed or coerced, quietly hand over the keys to corporate kingdoms.
When I hesitated, their tactics shifted. Suddenly my phone buzzed relentlessly with login notifications—an attack technique known as MFA bombing, designed to wear down a target until they accidentally approve a fraudulent access attempt. My phone became unusable; my inbox flooded with security prompts.
A Vulnerability From Within
What unfolded was more than a personal encounter. It underscored the evolving sophistication of ransomware gangs, which no longer rely solely on brute-force hacking but increasingly exploit insiders as a point of entry.
The BBC’s information security team eventually cut off my access to internal systems as a precaution. Days later, the hackers vanished, deleting their Signal account without further contact. Yet the experience left a chilling reminder: insider threats are not hypothetical—they are an active frontier of cybercrime.
Expert View
Professor Triveni Singh, a former Indian Police Service officer and noted cybercrime expert, sees insider threats as one of the most insidious risks modern organizations face.
“External defenses can be fortified with technology, but when an employee chooses to collaborate with criminals, the entire security framework can collapse. Companies must invest not only in cybersecurity infrastructure but also in cultivating digital ethics and continuous awareness among staff. Trust, once compromised, is far harder to restore than a breached firewall.”
The Broader Lesson
The episode illustrates a sobering truth: cybercriminals are not just probing firewalls—they are probing people. And as long as organizations depend on employees who hold critical access, hackers will keep knocking on digital and human doors alike.
