A new Kaspersky report analyzes an online hacker marketplace called xDedic, where access to 70,000 hacked servers -- multiplayer game servers, billing servers, cellular/ISP servers, dating servers, betting servers, government and university servers -- in 173 countries can be bought for $6 and up.
Access to the servers is via Microsoft's Remote Desktop Protocol, which offers enormous control over the machines and the power to scan the servers' local networks for other vulnerable machines to attack.
These machines can be used for traditional attacks -- denial of service, spam, etc -- but given the degree of access, they're probably better suited for fraud, espionage, and more sophisticated sorts of crime.
xDedic is run by Russian-speaking hackers, and provides an easy-to-use toolsuite for evaluating the capabilities of the compromised machines.
Like the $5 DDoS attacks, these $6 servers reveal the basic economics of industry-wide security failings. Neoclassical economics predicts that when supply goes up, prices go down. The fact that servers are so easy to compromise means that it's a buyer's market for wide-open machines.
The owners of xDedic don’t just passively sell access to hacked servers, however. They also provide sellers with custom tools to help them compromise servers, including a SysScan tool that automatically collects information about compromised systems, such as the web sites that can be accessed from them, the amount of memory on the systems and any software installed on them. Interested buyers can shop xDedic for the server that best meets their needs based on geographical location, configuration, memory, and other features.
Servers with accounting and gambling software on them, or point-of-sale software, are the most prized—the latter is used by businesses to process credit and debit card transactions and if configured poorly can expose card numbers to hackers with access to the servers. Kaspersky says about 450 of the compromised servers currently on offer at xDedic have point-of-sale software installed on them.
(Image: SAGE Computer, Don DeBold, CC-BY)