14 DAY TRIAL // Security vendor Imperva warns that hackers are selling access to hacked websites and servers that belong to government, military and educational institutions.
The company provides a screenshot of a list of compromised websites as advertised by the hacker, which contains information such as the level of access, the owner, traffic and price.
For example, one of the most expensive items is MySQL root access and high value information from www.scguard.army.mil, the website of the South Carolina National Guard. It costs $499.
For the same price, one could acquire root access to the U.S. Army Communications-Electronic Command Web server (cecom.army.mil) or control of the admin panel for the General Staff of the Albanian Army (gs.mil.al) website.
Root access to the Department of Defense Pharmacoeconomic Center Web server (www.pec.ha.osd.mil) is $100 cheaper.
Even though they are visited by several hundred thousand users, unauthorized access to compromised local government sites is not that expensive. Access to Utah.gov and Michigan.gov costs 99$ and 55$ respectively.
Full control of the University of South Carolina Beaufort website can be bought for $88 and control over edu sites from other countries comes at similar prices.
But this hacker doesn't only offer access to already compromised sites and Web servers. He can also be hired to hack them on request.
Gaining access to a "normal" website costs just $9.99, while the price for a high profile one varies depending on the target.
Even more worryingly, information extracted from the hacked sites is also put up for sale. Databases containing the names, emails, addresses, phone numbers and fax details cost just $20 per 1,000 records.
According to a discussion about the legitimacy of this seller on a known hacking forum, users seem to agree that he is not a scammer.
However, one fellow hacker holding a grudge has exposed all URLs to the SQL injection vulnerabilities he exploited to compromise those sites and servers.
So now, not only is access to these sites available for purchase on Google-indexed page, but the method of getting it for free is also available for those with the know-how.
Some of the sites on the hacker's list have been taken offline since Imperva's report came out. This suggests that owners are working to fix the problems.
