HackDig : Dig high-quality web security articles for hackers

Hacking as a Service: How Much Does it Cost to Hack an Account?

2014-08-15 01:13

There are many who may not be able to recall the days when HTML was all hand-coded, in much the same way there are hackers who can’t recall when exploits needed to be built from scratch. The process of hacking hasn’t gotten any less illegal, but it seems to have become more user-friendly. Combine that with an increasing number of transactions taking place online, and you have fertile ground to grow an underground economy.

Advances in exploit kits, free tools, leased botnets and hackers for hire have made what was once possible only for highly skilled hackers available to anyone with a little technical skill. There exists an underground marketplace to buy and sell malware, exploit kits, botnets, credit card information, software zero-days (where no patch is available) for popular operating systems or software packages, or services such as attacking and defacing a website, or performing DDoS attacks. So how does this all work?

Just as Software as a Service (SaaS) is transforming how we access applications, Hacking as a Service (HaaS) is making it easier for attackers.

Economically, we can talk about the cost of hiring a hacker in the same terms as we would talk about hiring any other technical professional. Their time is their currency; the longer a hack takes, the more it costs. A simple DDoS attack or some black hat SEO links could cost as little as $100; consulting, RATs such as Blackshades, or simplified botnet rentals could cost between $250 and $500. Full control over a botnet such as ZeuS with command and control capabilities can run into the $20,000 range.

Since hackers will obviously not wait until they’re hired to seek financial gain, they’ll typically look to generate revenue through the underground sale of exploit toolkits as well.  Originally, selling toolkits wasn’t as profitable because as they were bought, downloaded, and resold, profits paid to the original developers shrank. The Blackhole toolkit solved this by introducing a service model for updates in which the user could get support, new features, and new Zero-Day exploits provided they purchased a subscription from the original developer. In turn, these developers will typically put some of the money into researching and developing new exploits and features of the toolkit. For the hacker willing to put in the effort of extra configuration and bug fixes, open source exploit kits such as Metasploit can be downloaded for free.

Are There Different Specializations Among Hackers?

Just as with legitimate and legal white hat hackers and IT/Network security professionals, various hackers also have their specialties. There may be some who are more skilled in programming and writing viruses or Trojans, just as there are IT Security professionals who are skilled at writing signatures to detect such malware and are involved in antivirus/antimalware products. There may be others who are more skilled in identifying vulnerabilities in software or operating systems. There may be others who are adept at breaking into websites or networks. This is as diverse as the list of professional network security certifications IT professionals strive to acquire to make themselves more marketable.

What's The Solution?

As we’ve seen, the cost can be relatively low to do a large amount of damage, and the barrier to entry for diving in yourself has lowered considerably. From an IT administrator’s perspective, this shouldn’t mean giving up; it should mean smartening up. General housekeeping items such as ensuring all software patches are up to date and having your finger on the pulse of industry trends are a great start. Speaking of industry trends, make sure you’re working with law enforcement in the event you do fall victim to a botnet attack. Symantec’s work in this area has led to several takedowns thus far.

It's important that individual users are educated on how to protect information. Network admins should teach them to avoid clicking on email links they don’t know or opening attachments they don’t recognize. Ban pirated software and conduct awareness classes to keep users in the know.

Editor's Note: This information is not provided in order to help you comparison shop or encourage your participation in illegal activities, only to better understand what IT managers and administrators face. Pricing provided is not tied to one specific entity, but to the time spent on these activities at-large.

Source: www.symantec.com/connect/blogs/hacking-service-how-much-does-it-cost-hack-account
