A major underground web marketplace has been uncovered that is reportedly selling and renting access to more than 70,000 compromised computer servers across the globe, giving hackers the ability to launch sophisticated cyber-attacks for as little as $6 (£4).
Researchers at Russian security firm Kaspersky Lab disclosed that the dark-web-hosted platform, called xDedic, is advertising access to hacked computers within governments, universities and businesses in more than 150 countries.
For eager hackers, each purchase comes bundled with software that can be used to launch distributed-denial-of-service (DDoS) attacks, orchestrate spam campaigns or exploit point-of-sale (POS) retail systems.
"From government networks to corporations, from web servers to databases, xDedic provides a marketplace for buyers to find anything," Kaspersky said in a blog post. "And the best thing about it – it's cheap. Purchasing access to a server located in a European Union-country government network can cost as little as $6.
"The one-time cost gives a malicious buyer access to all the data on the server and the possibility to use this access to launch further attacks. It is a hacker's dream, simplifying access to victims, making it cheaper and faster, and opening up new possibilities for both cybercriminals and advanced threat actors."
According to Kaspersky, the xDedic developers do not sell anything themselves. Instead, they appear to have created the network, then left it up to vendors to populate it with server access – a model similar to eBay. It appears to have worked. Kaspersky noted: "If the truth be told, the people behind xDedic have created what appears to be a 'quality' service – the forum even includes live technical support [and] special tools to patch hacked servers."
The detailed analysis described how the buying process works. "A malicious user could go to the xDedic forum, register an account, top it up with Bitcoins and then purchase a number of servers that have PoS software installed," the firm said. "Then, they can install PoS malware, such as 'Backoff', to harvest credit card numbers. The possibilities are truly endless."
Costin Raiu, director of Kaspersky's research and analysis team, said the market's administrators – who are believed to be Russian-speaking – take a 5% up-front fee on all money paid into trading accounts on the website.
Raiu told Reuters: "Buyers can gain access to government servers in several countries, including interior and foreign ministries, commerce departments and several town halls." He added that the content of the website could also be used to exploit credentials leaked from the recent spate of so-called 'mega-breaches' involving Myspace, LinkedIn and Twitter.
"Stolen credentials are just one aspect of the cyber-crime business," Raiu told Reuters. "In reality, there is a lot more going on in the underground. These things are all interconnected."
According to Kaspersky, targets include banks in the US, the Philippines, Cyprus, Saudi Arabia, South Korea and Kazakhstan, alongside oil firms in China and the United Arab Emirates. The researchers would not disclose the names of those listed on the website, but noted that the firm is now working with law enforcement to investigate further.