NEW YORK (MainStreet) — Put aside the question of illegality. Much of what you will read about here is blatantly illegal and what isn’t unlawful, almost certainly is just plain wrong. That’s because right now, there are tens of thousands, maybe more, hackers for hire who are peddling their skills on the Internet. When the price is right, they are at your service.
To do what? “Absolutely anything you want is available,” said Raj Samani, CTO of Intel Security.
For example, on HackersList, kind of a Craigslist or TaskRabbit for criminal hackers, a gentleman posting as RickTrick wants to pay $200 to $300 for a hacker to log into his fiancée’s two Gmail accounts.
Suavescrib69 has a similar concern - with $300 to $500 to spend - but his ambitions are broader. He wants to “access my soon to be wife's Passwords. Which would include email, Facebook, instagram. I would also like to gain access to pictures and text messages on her cell phone. We are getting married in a couple months.”
Brador64 has an altogether different problem and a budget up to $1,000. He wants a hacker to expunge a recent DUI from his Arizona driving record and, in the process, the suspension that now is on his license. While you are in there, he’d also like records of any other tickets he has received deleted.
Know that HackersList is just one of many websites that hook up hackers with customers.
Is any of this legal? Go back and read this article’s first sentence. Of course hacking into the Arizona DMV and deleting drunk driving records is a crime. Accessing photos on somebody else’s cellphone probably is not a crime, but it definitely is not nice. That’s not the point, however. The point is that on sites like HackersList citizens post projects. Hackers can send personal messages seeking more info, and they also can bid on work that strikes their fancy.
Then there also are proliferating services that offer Distributed Denial of Services (DDoS) for hire. That’s a way to overwhelm a website with bogus traffic, rendering it inaccessible. Many DDoS providers advertise in plain sight on the Internet, and that is because they portray themselves as offering “stress testing” of companies and other organizations. The charade is that companies are hiring out their own stress test, but, said sources, there is no validation that the buyer of the services - which can cost as little as a few dollars per hour, said Samani, to knock a website offline - has any connection whatsoever to the victim. So fired employees, for instance, are believed to be exacting a vengeance by hiring DDoS to knock the former employer for a cyber loop. Mad at a community bank for turning down a car loan application? A dose of DDoS just may teach a lesson. DDoS is kind of an all-purpose, 2015 way to get even.
The big question: are these cyber tough guys in fact any good at hacking?
Many of the DDoS services in particular are believed by experts to be competent, in part because DDoS is a commoditized service that is quite easy to deliver. The online advertisers cannot knock down a money center bank, but if a person is mad a dry cleaner....
As for the hackers for hire to perform tasks such as gaining access to others’ GMail accounts and state DMV records, opinions are less favorable. Steve Santorelli, a onetime Scotland Yard bobby on the cybercrime beat who now works with security firm Team Cymru, sniffed, “The quality of the product is generally very low: relatively inexperienced criminals looking to use automated tools to catch low hanging fruit.”
That’s a key issue. Highly skilled hackers - the kind behind, say, the Anthem hack where some 80 million customer records were exfiltrated - are in high demand. Criminal organizations and nation states alike covet their skills and are ready to pay for them.
The hackers available in the online marketplaces just may be, as Santorelli suggested, something less than top flight. But they nonetheless may have the skills needed to get many jobs done, because, nowadays, DIY hacking toolkits are also popping up online and a would-be criminal hacker who may lack the technical skills often can simply buy tools that will get the job done.
Even so, there may be simple self preservation reasons not to hire a hacker in an online bazaar. Anthony Perez, CEO of No Password, Inc., an Internet security firm, said: “I would not hire a hacker who is offering their services via public websites, because there is no credible way to determine their expertise and/or validate their identity.”
Then, too, almost definitionally, these are not nice people and that could mean bad news for their customers. A person who will hack into your wife’s Gmail can’t be assumed to have much human kindness - and that just could put you in the line of his fire too.
A last reason to forget about all of this: if you are ripped off by a hacker, “you can’t exactly go to the police,” said Intel’s Samani. And the hacker knows it.
—Written by Robert McGarvey for MainStreet