For Sale: Access to 70,000 Hacked Computer Networks

Uploaded on 2016-06-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cyber-security firm Kaspersky Lab says it has uncovered an online marketplace where criminals from all over the world sell access to more than 70,000 hacked corporate and government servers for as little as $6 each.

Kaspersky discovered the forum after a tip from a European internet service provider. The market, called xDedic, is operated by hackers, who are probably Russian speaking, that have ditched their traditional business model of just selling passwords and have graduated instead to earning a commission from each transaction on their black market.

"It’s a marketplace similar to EBay where people can trade information about cracked servers," said Costin Raiu, head of global research at Kaspersky Lab. "The forum owners verify the quality of the hacked data and charge a commission of 5 percent for transactions."

An aerospace company from the US, oil firms from China and the United Arab Emirates, a chemical company from Singapore and banks from several different countries are among companies whose servers were compromised by xDedic, Kaspersky said, declining to disclose any names.

As businesses ranging from banks to retailers go digital, hacking is getting more advanced and is often instrumental to traditional crime. Markets offering criminals both the tools to hack into networks and the spoils of successful attacks such as credit card data are growing in size and complexity. US authorities worked with counterparts from more than a dozen other countries in 2015 to dismantle a sophisticated computer forum known as Darkode, described as an online, invitation-only market for cyber-criminals to buy and sell products for infecting electronic devices.

Cybercrime services allow even low-skilled criminals to use acquired malicious software to attack their targets, Kaspersky said. People who bought access to servers on xDedic used the information for denial-of-service attack on businesses or to steal credit-card details from servers connected to systems such as computer terminals in shops, according to Raiu. Some have used compromised servers to mine bitcoins, he said. The marketplace is available on the Internet, requiring users to register and deposit $10 in bitcoins.

“It wasn’t only government networks, but also corporations, banks, research institutions, telecommunication companies, to name a few," Raiu said.

Information-Management

« New US Biometric Passport Regulations Will Prevent Entry To Millions
The Cyberwar Frontier In Korea »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CloudInsure

CloudInsure

CloudInsure is a Cloud Insurance platform designed to specifically address emerging liabilities within the Cloud environment.

Apicrypt

Apicrypt

Apicrypt enables secure communications between health professionals by using strong encryption technologies.

Falanx Cyber

Falanx Cyber

Falanx Cyber provides enterprise-class cyber security services and solutions. We deliver end-to-end cyber capabilities, either as specific engagements or as fully-managed services.

Centre for Cyber Security (CFCS) - Denmark

Centre for Cyber Security (CFCS) - Denmark

The Centre for Cyber Security is the Danish national IT security authority, Network Security Service and Centre for Excellence within cyber security.

Bolton Labs

Bolton Labs

Bolton Labs is a leading provider cybersecurity services, tools, and analysis for MSPs and organizations who want to scale their security offerings.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

Communications Authority of Kenya

Communications Authority of Kenya

The Authority is responsible for facilitating the development of the information and communications sectors including; broadcasting, telecommunications, electronic commerce and cybersecurity.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

Perseus Cyber Security

Perseus Cyber Security

Perseus provides all-around digital protection for small and medium-sized businesses through state-of-the-art software solutions, flexible online training and emergency response.

Aspisec

Aspisec

Aspisec is a cybersecurity company specialized in Firmware Security and Critical Infrastructure Protection.

Kontex

Kontex

Kontex is a Cyber Security consultancy creating resilient solutions. From Strategy, Advisory and Implementation to Management and everything in between.

Ostendio

Ostendio

Ostendio is a cybersecurity and information management solutions provider that develops affordable compliance solutions for digital health companies and other regulated entities.

Navisite

Navisite

Navisite is a combination of eight respected IT consulting and managed service providers that were brought together under the Navisite brand.

Maxxsure

Maxxsure

Maxxsure provides a platform for executive management, leveraging proprietary technology that identifies, measures, and scores a company’s cyber risks.

National Information and Cybersecurity Council (NICC)

National Information and Cybersecurity Council (NICC)

National Information and Cybersecurity Council is a leading collaborative effort between Government of India and Industry to raise Cybersecurity awareness nationally.

Code First Girls

Code First Girls

Code First Girls are on a mission to close the gender gap in the tech industry by providing employment through free education.