Hackers Sell Access to Fortune 500 Computers
Unauthorized access to the networks of Fortune 500 companies is only a few dollars and a few clicks away, thanks to illicit marketplaces where buyers can obtain ill-gotten entry to computers all over the world.
"The whole world in one service," reads the slogan of Dedicatexpress, a Russian site that, according to Brian Krebs' security blog, advertises on a number of forums popular among criminal hackers.
For just $20, users who contact the site's administrator via the Jabber instant-messaging service will be granted access to almost 17,000 Windows servers running Remote Desktop Protocol (RDP) around the world, a tiny cross-section of the roughly 300,000 systems that have been available since the site's inception in 2010.
Once inside, users with access to the compromised computers can use them as if sitting at terminals right in the same room. The compromised machines could end up being deeply damaged or destroyed by malware, or used as tools to commit other forms of criminal activity.
Krebs said he accessed a server owned by networking giant Cisco that was barely protected with the username "Cisco" and password "Cisco."
The Dedicatexpress site makes a small effort at appearing legitimate. The sellers, who guess common passwords to gain access to RDP-enabled servers and then make the details available at a price, say some illegal activities, such as PayPal and dating scams or installing software, are against the rules. Administrative access, however, was granted on the Cisco server Krebs saw.
Dedicatexpress' customers are able to keep their identities secret by using WebMoney, an online currency that is similar in style to Bitcoin.
Visitors to the Dedicatexpress website will see a world map, each country filled in with a section of its flag. If a customer purchases an unsatisfactory machine, they can "file a ticket with technical support." It really does appear as if the world is at your fingertips.
The vulnerability is not specific to any Windows operating system. As long as a machine's RDP access is protected only by a weak password, any server or desktop, including those running Windows 8, could wind up for sale on sites like these.
Follow Ben on Twitter @benkwx.