For Sale: Cheap access to corporate computers

By Mark Ward
Technology correspondent, BBC News

image captionMany sites are selling access to corporate networks for only a few pounds

Cybercriminals are openly selling illegal access to the computer networks of many of the world's biggest companies.

For only a few pounds or dollars, fraudsters and scammers can get the log-in details for a server sitting on the network of a Fortune 500 firm.

Those renting access can use the machine to carry out their own scams, such as sending spam, or use it as a springboard for a wider hacking attempt on a big company.

The network access is just one of a wide range of cybercrime services now available on the underground economy.

Called Dedicatexpress, the hacked server service was uncovered by security researcher Brian Krebs who spent two weeks tracking down the site, accessing its forums and getting hold of a list of the corporate networks to which it offered access.

Currently, the site has about 17,000 servers available but he estimates that about 300,000 have been listed since the site started in 2010. Since Mr Krebs wrote about it, the site has changed to become member-only.

Spam funnel

Mr Krebs said the site was acting as a broker on behalf of hackers who had already won access to the networks as a result of separate attacks.

"It seems to they are gathering these from people who are selling them to the service," he told the BBC.

"They maybe individual hackers that have no use for these but know they have value and are re-selling them."

image captionServers on corporate networks tend to be powerful and have fast net links

The servers listed could prove useful to spammers or other fraudsters who want to use corporate resources, which typically include high speed net links and powerful computers for their own ends.

Dedicatexpress puts some restrictions on what customers can do with some hacked servers, said Mr Krebs. Paypal fraud, online gambling and dating site scams are among activities banned on some.

While openly offering hacked servers for sale may be a surprise or a shock to some, Mr Krebs said it was likely that the computers had been compromised for a long time.

"My sense is that a lot of these systems are probably abused quite a bit before they get to this point," he said. "They may have been wrung out in other ways before they are sold to a service like this."

The first cybercriminal or hacker that won access to the server probably used it for their own ends, he said. That might have involved stealing company secrets, using it as a server for a phishing scam or to funnel spam through.

"These could provide someone with full control of a machine which is on the inside of a major corporation's network," said Yuval Ben-Itzhak, chief technology officer at security firm AVG. "They can be used to attack machines outside of the network under the disguise of a trusted company."

Mr Ben-Itzhak said it was easy for firms to stop cyber-thieves winning access if they changed default passwords and made sure those they did pick were hard to guess. Anything else, he suggested, was just being "sloppy".

Underground express

Rik Ferguson, director of security research and communications at Trend Micro, said the existence of Dedicatexpress showed how sophisticated the underground economy had become.

image captionCyber criminals often pump spam through compromised computers

"That's the beauty of digital crime as far as the criminal is concerned," he said. "It doesn't have to be exclusive, the same 'stolen goods' can be sold and resold with no deterioration in quality, whether that is intellectual property, credentials, stolen accounts or network access."

Dedicatexpress was just one of many, many sites run out of countries in Eastern Europe that made up the underground economy, said Mr Ferguson.

A report by security firm Trend Micro showed that Russia was at the centre of this widespread criminal economy in which any and every cybercrime service is on sale - at a price. The rates being charged for the various services, including everything from hacking corporate mailboxes to sending junk texts, were detailed in the report.

One of the most expensive services on offer on the underground was the purchase of an entire botnet for about £435 ($700). A botnet is a network of hijacked home computers that a hacker has compromised. The computers on this network can be plundered for saleable data or used as proxies for spamming campaigns or phishing attacks.

If buying a botnet is too expensive, renting one for an hour can cost as little as £1.20 ($2), and sending a million emails out via it would cost about £6. The Trend Micro report found that custom hacking jobs were more expensive though unlikely to break the bank. For instance, hacking a Gmail, Facebook or Twitter account would cost about £100.

Cybercrime in Russia had long ceased being a "hobby" for hackers, said Mr Ferguson, and had become a way of life for many criminals who were making a good living from their nefarious deeds.

Brian Krebs said he was no longer shocked by the scale and sophistication of the hi-tech crime economy.

"A few years ago I would have been," he said. "Now? Not so much. There are just so many of these types of services out there and these hacked servers are very widely available."

More on this story

Related Internet Links

The BBC is not responsible for the content of external sites.