Access to Rooted Servers Being Sold via Online Shop
A recent investigation led to the discovery of an underground online store where access to hacked servers could be bought. Unfortunately, this is just one of many examples of how stolen data can be commercialized.
The online store is located on a website called SSH-Zone. This criminal web page was discovered by Alberto Ortega, a researcher at AlienVault Labs. He found that the website was selling stolen server admin credentials, thus providing easier access to those servers. As a result, criminals can spread malware and spam or establish botnets more efficiently.
Further investigation revealed that Linux servers are the main targets and that the server credentials are sold to administrators who have accounts on Plesk and OpenSSH (software used for administering servers). Moreover, the whole storage and selling process is completely automated. The credentials are distributed in standardized packages and are later used to gather further information through spear phishing or other methods of deceiving users.
It is believed that the people behind this project are Russian because some of the software used on the server is written in Russian, and it is reported that the administrator also spoke Russian.
In light of recent events, 41st Parameter, a company specializing in fraud prevention, published a report on the evolution of cyber crime. The report, titled “The Growing Threats of Cyber Crime: Five Trends and Takeaways”, stated that, due to the increase in profits, cyber criminals have become more sophisticated and the tactics they use are getting more and more complex.