IRS paid contractor $65K to monitor dark web.
IRS paid contractor $65K to monitor dark web.

The Internal Revenue Service (IRS) reportedly paid Flashpoint $65,000 for access to firm's platform and API in order to extract intelligence from the dark web about cybercriminals.

While it is unclear exactly what services the firm provided, documents obtained by Vice's Motherboard through a Freedom of Information Act (FOIA) request, revealed the agency is contracted to use the services between September 1, 2016 and June 31, 2017.

There are many reasons why the IRS may have used Flashpoint's services, Ajay Arora, chief executive officer (CEO) and co-founder of Vera, told SC Media.

"The dark web is a huge bastion of criminal exchange of PII and PHI obtained illegally and put out there for purchase," Arora said. "Amongst a whole vast range of other criminal activity and black money."

The agency may have been looking to fight identity theft, Mounir Hahad, senior director at Cyphort Labs, told SC Media.

“It is relevant for the IRS to be aware of compromised identities which usually end up for sale on the dark web," Hahad said. "These identities can be used to submit fraudulent tax returns in order to cash in on tax refunds. The IRS could, for instance, put on a watch list any social security number that ends up on the dark web.”

Nick Bilogorskiy, senior director of threat operations at Cyphort, speculated the IRS is looking to monitor dark web for intelligence related to actor groups that may try to attack the agency.

“Flashpoint is one of the best threat intelligence providers," Bilogorskiy said. "I imagine they have intelligence related to phishing and malware. The IRS saw a big spike in phishing and malware incidents during the 2016 tax season – roughly a 400 percent surge.

He went on to say that the IRS itself was breached in 2015 when it lost the data of 700,000 taxpayer accounts and that IRS Commissioner John Koskinen told lawmakers that there are over a million malicious attempts to breach the department's computer systems each day.

The findings also highlight how an increasing number of agencies are paying threat intelligence firms for information as Motherboard reported last year that U.S. Customs Police paid Flashpoint $150,000 for the firm's dark web monitoring services. 

Flashpoint declined to comment on the specific services it provided. "Flashpoint's takes the privacy of its customers very seriously,” the firm told SC Media. “While this information is public via FOIA, and we are transparent about the verticals that we support, we do not comment on customer matters, whether private or public sector."