For Sale: Access to 70,000 Hacked Computer Networks

Uploaded on 2016-06-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cyber-security firm Kaspersky Lab says it has uncovered an online marketplace where criminals from all over the world sell access to more than 70,000 hacked corporate and government servers for as little as $6 each.

Kaspersky discovered the forum after a tip from a European internet service provider. The market, called xDedic, is operated by hackers, who are probably Russian speaking, that have ditched their traditional business model of just selling passwords and have graduated instead to earning a commission from each transaction on their black market.

"It’s a marketplace similar to EBay where people can trade information about cracked servers," said Costin Raiu, head of global research at Kaspersky Lab. "The forum owners verify the quality of the hacked data and charge a commission of 5 percent for transactions."

An aerospace company from the US, oil firms from China and the United Arab Emirates, a chemical company from Singapore and banks from several different countries are among companies whose servers were compromised by xDedic, Kaspersky said, declining to disclose any names.

As businesses ranging from banks to retailers go digital, hacking is getting more advanced and is often instrumental to traditional crime. Markets offering criminals both the tools to hack into networks and the spoils of successful attacks such as credit card data are growing in size and complexity. US authorities worked with counterparts from more than a dozen other countries in 2015 to dismantle a sophisticated computer forum known as Darkode, described as an online, invitation-only market for cyber-criminals to buy and sell products for infecting electronic devices.

Cybercrime services allow even low-skilled criminals to use acquired malicious software to attack their targets, Kaspersky said. People who bought access to servers on xDedic used the information for denial-of-service attack on businesses or to steal credit-card details from servers connected to systems such as computer terminals in shops, according to Raiu. Some have used compromised servers to mine bitcoins, he said. The marketplace is available on the Internet, requiring users to register and deposit $10 in bitcoins.

“It wasn’t only government networks, but also corporations, banks, research institutions, telecommunication companies, to name a few," Raiu said.

Information-Management

« New US Biometric Passport Regulations Will Prevent Entry To Millions
The Cyberwar Frontier In Korea »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Orolia

Orolia

Orolia are experts in deploying high precision GPS time through network infrastructure to synchronize critical operations.

Sparta Consulting

Sparta Consulting

Sparta Consulting is an information management and business development full service provider.

Avira

Avira

Avira provide a portfolio of antivirus, security and performance applications for Windows, Android, Mac, and iOS.

Virtru

Virtru

Virtru's Data Protection platform protects and controls sensitive information regardless of where it's been created, stored or shared.

Tenfold Software

Tenfold Software

Tenfold is the unique, centralized platform for managing user and permissions efficiently and automatically.

Halcyon Knights

Halcyon Knights

Halcyon Knights is a specialist executive search and IT recruitment agency in the APAC region. Areas of specialisation include cybersecurity.

GroupSense

GroupSense

GroupSense helps governments and enterprises take control of digital risk with cyber reconnaissance, counterintelligence and monitoring for breached credentials.

Protected Media

Protected Media

Protected Media’s advanced cybersecurity ad fraud solution guards you against current and emerging threats across Connected TV, Display and Video advertising.

Stone Forest IT (SFIT)

Stone Forest IT (SFIT)

Stone Forest IT specialises in providing advisory, implementation and managed services for IT infrastructure, IT security solutions, business applications (ERP and CRM) and business analytical tools.

Tugboat Logic

Tugboat Logic

Tugboat Logic was created to address the skills and expertise gap in the security and compliance industry. Our goal is to simplify and automate information security management for every enterprise.

Digital Pathways

Digital Pathways

Digital Pathways is an award-winning data security provider that helps businesses protect their digital assets.

IPKeys Technologies

IPKeys Technologies

IPKeys delivers innovative cybersecurity and technology solutions focused on helping the federal government reduce risk and protect the US from cyberattacks.

Mayer Brown

Mayer Brown

Mayer Brown is a global law firm. We have deep experience in high-stakes litigation and complex transactions across industry sectors including the global financial services industry.

Trackd

Trackd

At trackd, we’re re-imaging vulnerability remediation for the benefit of the entire cyber security community. Automating Vulnerability Remediation without the Fear of Disruption.

Cyber Octet

Cyber Octet

Cyber Octet is an IT Solution, Security, Training and Services company. We provide training and services from Web Application Security to ISO 27001 implementation.

Datapac

Datapac

Datapac is one of Ireland’s largest and most successful ICT solutions and services providers. We have been at the forefront of technology innovation in Ireland for the past three decades.