
Thycotic’s Cyber Security Publication

Hacking Communities in the Deep Web, Part 1

May 27th, 2015


Editor’s Note: We’ve partnered with the InfoSec Institute author Pierluigi Paganini to offer a two-part guest blog post series on the changing roles of hackers and their communities in the deep web. Have you had experiences in the deep web? Share your stories in the comment section below.

The role of hackers has changed over the years. In the past, these professionals were viewed as dangerous criminals who needed to be kept at arm’s length; today they are highly sought after by private companies, intelligence agencies and criminal gangs.

“An increasingly large number of modern business operations rely on an understanding of the risks associated with software that can easily be made vulnerable to hacking,” as reported in a post I published on the Fox News site on the role of hackers.

Hacking services are among the most attractive commodities in the underground market. It is possible to hire a hacker to request a “realistic” penetration test, or to pay to take over a Gmail or Facebook account for cyber espionage purposes.

How much does it cost to hire a hacker? How is it done, and what are the prices for their services?

Recently, journalists at Business Insider published a post describing the prices of the principal hacking services that can be acquired online. According to Business Insider, an individual who wants to hack someone’s Gmail account will have to pay about $90.

“Hacking a Gmail address can come in handy if you lose your account password, manage other people’s business accounts or simply want to improve your computer skills,” states the post. “If you want to crack Gmail passwords, you can hack Gmail with browser settings, phishing and keylogging software and special scripts.”

Hackers could, for example, be hired to hack into a social media account (the cost to hack into someone’s Facebook account is $350) or simply to increase the rank of a company on a social network.

The investigation conducted by the journalists revealed that a hacker can steal someone’s Hilton HHonors points for $15 or compromise a Netflix account for just $1.25.

Other common commodities in the hacking underground are hacking courses, which go for $20, and hit-and-run attacks, such as a DDoS or a website defacement.

“Website hack or DDoS. Paying well.” is the message of a hacker who promises to take a WordPress-built website down for “2k euro.”

There are various ways to buy hacking services and probably the most interesting place where it is possible to meet members of the principal hacking communities is the Deep Web … let’s explore it!

Diving in the hacking communities

The number of hacking communities in the Deep Web is very high, as reported by several investigations published by security firms and cyber-experts; hackforum, Trojanforge, Mazafaka, dark0de and the recent TheRealDeal are just a few examples.

The majority of the hacking communities are closed to the public and one must request an invitation to join the discussions. In many cases, these groups specialize in specific topics and practices (e.g. social media hacking, data theft, malware and exploits, and hit-and-run attacks such as DDoS and website hacking).

Among the communities accessible only by invitation there are several hackforums; one example is the popular Trojanforge, which specializes in malware and code reversing.

Let’s start our tour of the Deep Web with the results of a study conducted by the experts at Dell SecureWorks Counter Threat Unit (CTU), to see what has changed since the report was published and what dynamics and trends lie behind the hacking communities in the underground. In 2013, experts at Dell SecureWorks CTU published a very interesting report titled “The Underground Hacking Economy is Alive and Well,” which investigated the online marketplace for stolen data and hacking services. The study listed the goods sold in the black markets and their related costs. One year later, the same team of researchers at Dell SecureWorks released an update to the study of black hat markets, titled “Underground Hacker Markets,” which reports a number of noteworthy trends.

The researchers observed a growing interest in personal data, in particular in any kind of documentation that could be used as a second form of authentication, including passports, driver’s licenses, Social Security numbers, and even utility bills.

“The markets are booming with counterfeit documents to further enable fraud, including new identity kits, passports, utility bills, social security cards and driver’s licenses.” states the report.

Another distinguishing element of the evolution of the underground marketplaces in the last year is the offer of hacker tutorials. As we have seen, this kind of product still represents an element of attraction in the hacking community.

Training tutorials provide instruction to criminals and hackers who want to enter the business of stolen credit card data; they include information on running exploit kits, guides for organizing spam and phishing campaigns, and tutorials on how to organize hit-and-run DDoS attacks.

“These tutorials not only explain what a Crypter, Remote Access Trojan (RAT) and exploit kit is but also how they are used, which are the most popular, and what hackers should pay for these hacker tools,” the report said.

Other tutorials offered in the hacking communities include instructions for hacking ATMs and for managing a network of money mules, who are the principal actors in the cash-out process of every illegal activity.


Figure 1 – Hacking Tutorial – Dell SecureWorks Counter Threat Unit (CTU) Report

The results of the investigation conducted by the experts at Dell confirm the findings of another interesting report published by Trend Micro on the activities in the Brazilian underground, which is characterized by the availability of a significant number of similar products and services. Hacking communities are very active in selling stolen credit cards, differentiating their offers to reach a wider audience and provide tailored services at higher prices.

“It is apparent that the underground hackers are monetizing every piece of data they can steal or buy and are continually adding services so other scammers can successfully carry out online and in-person fraud,” states the report.

The following table, which I found on Twitter, lists the services and products with related prices expressed in both Bitcoin and Euro.


Figure 2 – Listing and average prices for black markets

Hiring Hackers in Tor network

I should say up front that I’m quite distrustful of the amazing number of offers from alleged hackers who advertise their services on various hacking forums in the underground. The experts that you will find in many hacking communities could help you to run a penetration test on your website or can exploit known flaws in vulnerable websites that you intend to compromise.

Let’s start our tour with the “Rent-A-Hacker” website; it appears to be managed by a single hacker who presents himself with the following statement:

“Experienced hacker offering his services! (Illegal) Hacking and social engineering is my business since i was 16 years old, never had a real job so i had the time to get really good at hacking and i made a good amount of money last +-20 years.
I have worked for other people before, now im also offering my services for everyone with enough cash here.”


Figure 3 – Rent-A-Hacker Tor website

The hacker explains that he is a professional hacker specialized in illegal hacking services that he offers to “destroy some business or a persons’ life.”

From his description, he seems to specialize in hacking websites, and he probably manages a botnet that he offers for DDoS attacks.

The hacker also explains that he is able to run espionage campaigns and track pedophiles online. Among the services he offers is the gathering of private information on any individual. Every task can be commissioned at an hourly rate of about 100 dollars; of course, prices depend on many factors, including the complexity of the task assigned to the expert.


Of course, the payments are anonymous and made through Bitcoin virtual currency.

Surfing the Tor network, I have found several black markets and forums offering hacking services; “Hacker for hire” is one of them.

The website offers a wide range of services, from cyber fraud to hacking services. It is curious to note that the operator of the website offers both offensive and defensive services; in fact, specific services are tailored for victims of cybercrime.


Figure 4 – Hacker for hire


Another website that offers many illegal products is “Hell.”


Figure 5 – The Hell Hacking Forum

The web portal hosts several sections related to hacking tools and tutorials and, of course, it is populated by hackers who offer their services. In the “Jobs” section there are various offers for hacking services; I contacted some of the alleged hackers, negotiating the following prices for some specific tasks.


In the Tor network, several hackers offer their services through their own websites, but black markets represent the preferred way to get in touch with a hacker and hire him. The principal benefits of hiring a hacker on a black marketplace are:

  • Possibility to verify the reputation of the hacker and his abilities.
  • Availability of escrow services that protect both buyers and sellers.

For this reason, I decided to explore some of the most popular black markets, searching for hackers to hire. I started my short tour with the TheRealDeal black market, which recently emerged in the underground community to provide both sellers and buyers a privileged environment for the commercialization of exploit kits and hacking services.


Figure 6 – TheRealDeal Marketplace

Among the hackers who propose their services, I have found the possibility to pay for a DDoS attack or for the customization of malware; on the TheRealDeal market it is also possible to pay for tutorials of different kinds.

Below is a table that outlines the offers I received from the hackers I contacted or who published their offers on the marketplace.


Another popular black market is Nucleus (at least another 2 mirrors are also up to serve visitors); this marketplace is more focused on products (i.e. malware, stolen card data, etc.) than services. I tried to contact some sellers, and only one of them offered me hacking services to hack a server or to compromise a specific user, stealing his data with a targeted attack. The following table summarizes some of the products/services available on the Nucleus marketplace.


Part 2 is an interview blog post with Paolo Stagno, aka VoidSec, who is a Security Analyst specialized in Underground Intelligence. Find the full InfoSec Institute article here with links to the hacking community websites.

BIO
Pierluigi Paganini

Pierluigi Paganini is Chief Information Security Officer at Bit4Id, a leading firm in identity management, and a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group. He is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at Cyber Defense magazine, Pierluigi is a cyber security expert with over 20 years’ experience in the field and a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to create the blog “Security Affairs,” recently named a Top National Security Resource for US. Pierluigi is a member of The Hacker News team and a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute and The Hacker News magazine, and for many other security magazines. He is the author of the books The Deep Dark Web and Digital Virtual Currency and Bitcoin.
