Report: Service Offers Cheap Access to Hacked Servers

An online service that sells fairly cheap access to compromised corporate machines creates a pay-to-play scenario for criminals seeking access to the networks of high-profile organizations, according to a Krebs on Security report.

An online service that sells fairly cheap access to compromised corporate machines creates a pay-to-play scenario for criminals seeking access to the networks of high-profile organizations, according to a Krebs on Security report.

Brian Krebs writes that Dedicatexpress.com currently has access to just fewer than 17,000 machines, and throughout its lifetime has peddled access to somewhere in the ballpark of 300,000 compromised networks. There is a common thread among the machines and servers in question: all of them have the remote desktop protocol enabled. Krebs notes that RDP is a Microsoft feature organizations will often turn on if they want to access systems remotely.

Krebs did find a recognizable name among the compromised servers, one belonging to Cisco Systems Inc. Krebs used a feature on Dedicatxpress.com that enables users to search for hacked servers by IP address range to locate the Cisco server.

The problem for many of the systems that Dedicatexpress.com is selling access to, including Cisco’s, is that the RDP access is protected by weak username-password combinations. Krebs said the Cisco username and password were “Cisco.”

Dedicatexpress.com’s rates are determined by a number of variables including, the number and speed of processing cores, upload and download speeds, and the duration of time the compromised servers have been available. Users can pay for access via the virtual currency WebMoney. Users who want access to Cisco’s San Jose, California-based, Windows Server 2003 machine would have to pay a very reasonable $4.55.

A Cisco contact confirmed to Krebs that the server did indeed belong to Cisco, but downplayed the compromise, describing the RDP server as a “bad lab machine.”

Dedicatexpress.com operates as a sort of middleman, buying selling compromised machines to and from hackers. Interestingly, Krebs notes that the service will not purchase RDP servers from Russia. The policy, Krebs speculates, probably reflects the reality that Dedicatexpress.com’s owners live in Russia and are weary of angering Russian law enforcement.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.