|
Cybercrime market sells
servers for as little as 6 dollars to launch attacks
Send a link to a friend
 [June 15, 2016]
By Eric Auchard
FRANKFURT (Reuters) - A major
underground marketplace acting like an eBay for criminals is selling
access to more than 70,000 compromised servers allowing buyers to
carry out widespread cyber-attacks around the world, security
experts said on Wednesday.
Researchers at Kaspersky Lab, a global computer security firm based
in Moscow, said the online forum appears to be run by a Russian
speaking group. It offers access to hacked computers owned by
governments, companies and universities in 173 countries,
unbeknownst to the servers’ legitimate owners.
Access goes for as little as $6 for a compromised server. Each comes
pre-equipped with a variety of software to mount denial-of-service
attacks on other networks, launch spam campaigns, illicitly
manufacture bitcoin currency or compromise online or retail payment
systems, the researchers said.
Starting at $7, buyers can gain access to government servers in
several countries, including interior and foreign ministries,
commerce departments and several town halls, said Costin Raiu,
director of Kaspersky's research and analysis team.
He said the market might also be used to exploit hundreds of
millions of old, stolen email credentials reported in recent months
to be circulating in the criminal underground.
“Stolen credentials are just one aspect of the cybercrime business,”
Raiu told Reuters in an interview. “In reality, there is a lot more
going on in the underground. These things are all interconnected.”
The marketplace goes by the name xDedic. Dedic is short for
dedicated, a term used in Russian online forums for a computer under
remote control of a hacker and available for use by other parties.
XDedic connects sellers of compromised servers with criminal buyers.
The market's owners take a 5 percent up-front fee on all money put
into trading accounts, Raiu said.
[to top of second column] |
A magnifying glass is held in front of a computer screen in this
picture illustration taken in Berlin May 21, 2013. REUTERS/Pawel
Kopczynski
Kaspersky found the machines run remote desktop software widely used
by network administrators to provide technical support for Microsoft
Windows users. Access to servers with high capacity network
connections may cost up to $15.
Low prices, searchable feature lists that advertise attack capabilities,
together with services to protect illicit users from becoming detected attract
buyers from entry-level cybercriminals to state-sponsored espionage groups.
An unnamed Internet service provider in Europe alerted Kaspersky to the
existence of xDedic, Raiu said.
High-profile targets include a U.S. aerospace firm, banks in the United States,
Philippines, Kazakhstan, Jordan, Ghana, Cyprus, South Korea and Saudi Arabia,
chemical firms in Singapore and Thailand and oil companies in China and the
United Arab Emirates, Kaspersky found.
Raiu declined to name the organizations. He said Kaspersky has notified national
computer emergency response teams in several countries.
(Reporting By Eric Auchard; Editing by David Gregorio)
[© 2016 Thomson Reuters. All rights
reserved.] Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
