Hacking as a Service Hits the Mainstream

A fledgling website created last fall connects hackers with clients willing to pay for their services.

Nearly 50 hackers have listed their services onHacker’s List so far, for tasks including data recovery, penetration testing and computer forensics.

More than 500 hacking jobs had been out to bid as of last week, with prices ranging from US$100 to $5,000, according to a New York Times report.

One bidder reportedly offered up to $2,000 to get a list of clients from a competitor’s database; another sought access to a boyfriend’s social-media accounts.

The process is handled anonymously, and Hacker’s List reportedly collects a fee for each completed assignment.

Hacker’s List did not respond to our request for further details.

A Money-Back Guarantee

The creators of the Hacker’s List want to make the task of hiring a professional hacker worry-free and painless, according to the website.

A strict review process ensures that only the best hackers can list their services on the site, it proclaims. Anyone who draws too many complaints is removed from the list and banned.

There’s a money-back guarantee and a formal process for handling disputes and reviews.

“There are always ways to track people down,” said Rob Enderle, principal analyst with Enderle Group.

“Doing this above board is likely better because you know more about what you are getting, and it removes much of the stigma,” told the E-Commerce Times.”It simply looks more honest — and for the better coders, this is a better way to get work.”

The Consumerization of Hacking

Hacking as a Service actually has been around “for quite some time through underground ‘dark Web’ markets,” said Ken Westin, a security analyst with Tripwire.

“In the past, providers of this kind of service have focused on assistance that makes it easier for cybercriminals to hack into systems for financial gain,” he told the E-Commerce Times.

The addition of these new services signals “the consumerization of hacking services, because they can now be employed by people with motives outside of financial gain, including revenge and personal vendettas,” Westin noted.

The consumerization of cybercrime began with tools like spyware for phones and laptops that allow anyone to track a victim, he noted.

“Custom services are a natural next step, and it’s likely that these services will continue to evolve as long as there are people willing to pay for them,” Westin predicted.

“An entire underground economy has emerged around cybercrime over the last few years,” he observed. “The evolution of that economy to include this type of activity should not surprise anyone.”

A Possibility of Prison

Although contract hacking services may not be altogether surprising, the legality of those services remains to be determined, despite the fact that Hacker’s List specifically forbids the use of its service for illegal purposes.

“Many hacking activities are covered by federal laws, as well as state laws, and both the actors and the inducers are liable — which could include prison,” said technology attorney Ray Van Dyke.

“Inducement to commit crimes is itself a crime, which is independent of whether or not the actual crime was committed,” he told the E-Commerce Times.

“Thus, a U.S. citizen hiring a foreign hacker could be liable for inducing a crime. This is akin to hiring a hitman or someone to do physical harm to another. The instigator is separately liable,” Van Dyke explained.

“There are legitimate ways to investigate individuals and companies that do not involve illegal or questionable activities,” he pointed out.

Aiding and Abetting

Hiring someone to commit a crime is itself a crime, noted Chester Wisniewski, a senior security advisor at Sophos.

“Whether that happens to be online doesn’t change the rules from what it would be in real life,” he told the E-Commerce Times.

“Whoever is running this ‘service’ is aiding and abetting criminal solicitation, and anyone participating in these activities is breaking the law,” he maintained.

“Governments around the world are monitoring this,” Tirias Research’s Jim McGregor told the E-Commerce Times. “Who knows — maybe one of them is even hosting the site.”

Katherine Noyes has been reporting on business and technology for decades. You can find her on Twitter and Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

E-Commerce Times Channels