Now for Sale: Hacking-as-a-Service

Hackers have traditionally attended public forums to sell software, malware, and services to other cybercriminals. The most sophisticated cybercrooks avoid these forums because they tend to attract newbies, potential “clients” may be undercover law enforcement agents, and the prevalence of price negotiation can lower prices for their products. For these reasons, the number of invitation-only criminal forums requiring registration fees and/or guarantors (vouchers) has increased.

This trend will continue, but to improve anonymity without discouraging buyers, McAfee Labs expects online sales sites modeled on legal trade activities to grow in 2013.

Online sales sites have many advantages. Buyers can:

  • Make their choices with the click of a mouse
  • Use an anonymous online payment method, such as Liberty Reserve
  • Receive their purchases without any negotiations or direct contact with the seller

Purchases made directly on the Internet are more secure and anonymous, and it is easier for prospective buyers to find the services they are looking for. As these sites become more diversified, we expect to see growth in these areas:

  • High-level audit services
  • Offers for project development for cybercriminals
  • Offers for zero-day attacks or spying services reserved for the sole use of governments or secret services

As these services continue to grow, it will be difficult to determine which sites are legitimate and which sites are operated by cybercriminals.