According to Krebs on Security's Brian Krebs, several services are now selling access to hacked computers inside Fortune 500 companies for a few dollars.
"Pitching its wares with the slogan, 'The whole world in one service,' Dedicatexpress.com advertises hacked RDP servers on several cybercrime forums," Krebs writes. "Access is granted to new customers who contact the service’s owner via instant message and pay a $20 registration fee via WebMoney, a virtual currency. The price of any hacked server is calculated based on several qualities, including the speed of its processor and the number of processor cores, the machine’s download and upload speeds, and the length of time that the hacked RDP server has been continuously available online (its 'uptime')."
"There is a common thread among the machines and servers in question: all of them have the remote desktop protocol enabled," writes Threatpost's Brian Donohue. "Krebs notes that RDP is a Microsoft feature organizations will often turn on if they want to access systems remotely."
"For example, [Krebs] found a computer for rent from Fortune 100 company Cisco Systems," writes CSO Online's Antone Gonsalves. "The credential assigned to the Windows Server 2003 system was username: Cisco; password: Cisco. The company confirmed the hacked server was in its network, but declined to provide details to Krebs."
"The article doesn't say what people who use the service do once they've accessed a computer," writes Ars Technica's Dan Goodin. "One possibility is using it as an anonymity service. Attackers might also want to capitalize on the trustworthy reputation some corporate computers enjoy among spam and malware scanning providers."
"According to Krebs, the site's managers have said they won't traffic in Russian RDP credentials, suggesting that the site's owners are based in Russia and don't wish to antagonize Russian authorities," writes InformationWeek's Mathew J. Schwartz. "According to security experts, Russian law enforcement agencies typically turn a blind eye to cybercrime gangs operating inside their borders, providing they don't target Russians, and that these gangs in fact occasionally assist authorities."