Online black market sells access to 70,000 compromised servers
Wed 15 Jun 2016
Researchers have uncovered an underground marketplace selling information on over 70,000 compromised servers based around the globe.
Russia-based Kaspersky Lab has revealed today that the online forum, named xDedic, seems to be operated by a Russian-speaking organisation and allows hackers to pay for undetectable access to a wide range of servers, including those owned by government, corporate and academic groups in more than 170 countries. XDedic takes a 5% fee for all funds placed into its trading accounts.
Access to a compromised server can be bought for as little as $6 (approx. £4). The kit comes with relevant software to instruct on launching denial-of-service attacks and spam campaigns on the targeted network, as well as allowing criminals to illegally produce bitcoin and breach online systems, such as retail payment platforms.
With an upgrade to $7 cybercriminals can gain access to government-based servers, including systems in interior and foreign ministries, commerce departments and local councils. Paying up to $15, can allow a hacker access to high-capacity network connections, explained Costin Raiu, director of Kaspersky’s research and analysis unit.
Raiu also suggested that the criminal marketplace was also being used to trade hundreds of millions of old or stolen email addresses. ‘Stolen credentials are just one aspect of the cybercrime business,’ Raiu told Reuters. ‘In reality, there is a lot more going on in the underground. These things are all interconnected.’
Reuters adds that Dedic stands for dedicated – a common term used in Russian forums to indicate a computer under remote control of a hacker and available for use by other parties.
High-profile targets are thought to include a U.S.-based aerospace firm, leading banks in the U.S., South Korea, Jordan, Ghana, Cyprus, Kazakhstan, Saudi Arabia, and the Philippines, chemical companies in Singapore and Thailand, as well as a number of oil companies in China and the UAE.
Kaspersky confirmed that computer emergency response teams have been alerted in a number of countries.