Need Some Espionage Done? Hackers Are For Hire Online: ‘This Cyber Gun For Hire’
Matthew Goldstein, writing in this morning’s (Jan. 16, 2015) New York Times, begins, “a man in Sweden says he will pay up to $2,000 to anyone who can break into his landlord’s website. A woman in California says she will pay $500 for someone to hack into her boyfriend’s FaceBook and Gmail accounts — to see if he is cheating on her.”
“The business of hacking is no longer just the domain of intelligence agencies, international criminal gangs and shadowy political operatives and disgruntled “hacktivists” taking aim at big targets. Rather,” Mr. Goldstein notes, “it is an increasingly personal enterprise.”
“At a time when huge stealth attacks on companies like Sony Pictures, JP Morgan Chase, and Home Depot attract attention, less noticed is a growing cottage industry of ordinary people hiring hackers for much smaller acts of espionage. A new website called, “Hackers List,” seeks to match hackers with people looking to gain access to email accounts, to unflattering photos from a website, or gain access to a company’s database. In less than 3 months of operation, over 500 hacking jobs have been put out to bid on site, with hackers vying for the right to do the dirty work,” Mr. Goldstein wrote.
“In just the past few days,” the New York Times says, “offers to hire hackers at prices ranging from $100, to $5,000, have come in from around the globe on Hacker’s List, which opened for business last November. For instance,”‘ Mr. Goldstein says “a bidder who claimed to be living in Australia, would be willing to pay up to $2,000 to get a list of clients from a competitor’s database,” according to a recent post by the bidder. “I want the client lists from a competitors database. I want to know who their customers are; and, how much they are charging them,” the hacker wrote.
“Others posting job offers on the website were looking for hackers to scrub the Internet of embarrassing photos and stories, retrieve a lost password, or change a school grade. The rather matter-of-fact nature of the job postings on Hacker’s List, shows just how commonplace low-profile hacking has become; and, the challenge such activity presents for law enforcement at a time when federal and state authorities are concerned about their data security.”
“Hacking into individual email, or social media accounts occurs on a fairly regular basis, according to computer security experts and law enforcement officials. In September, the Internet was abuzz when hackers posted nude photos of female celebrities online. It is not clear how successful Hacker’s List will prove to be,” Mr. Goldstein observes. “A review of job postings found many that had yet to receive a bid from a hacker. Roughly 40 hackers have registered with the website; and, there are 844 registered job posters. From the postings, it is hard to tell how many of the job offers are legitimate.”
“The site did get a favorable review on hackerforhirereview.com, which specializes in assessing the legitimacy of such services. The reviewer and owner of that site, who would identify himself only as, “Eric,” in emails, said he gave his top rating to Hacker’s List — because it’s a “really cool concept,” that limits the ability of customers and hackers to take advantage of one another.”
“In light of the novelty of the site, it’s hard to say whether it violates any laws,” Mr. Goldstein noted. “Arguably, some of the jobs being sought on Hackers List — breaking into another person’s email account — are not legal. The founders of Hacker’s List however, contend they neither endorse, nor condone illegal activities.”
“The website includes a 10-pager, Terms and Conditions section, to which all users must agree. It specifically forbids “the service for “illegal purposes.” “Some experts say it is not clear whether Hacker’s List is doing anything wrong in serving as a meeting ground for hacker…and, those seeking to employ them.”
Yalkin Demirkaya, President of the Private Investigation firm, Cyber Diligence, and a former commanding officer of the New York Police Department’s Computer Crime Group, said, “a crackdown would depend on whether law enforcement officials saw it as a priority.” He added, “Hacker’s List may skate by because many of the “people posting the ads, are probably overseas.”
But, Thomas G.A. Brown, a Senior Managing Director with FTI Consulting, and former Chief of the Computer and Intellectual Property Crime Unit of the U.S. Attorney’s Office in Manhattan, said, “hacker-for-hire websites posed problems.” “Hackers-for-hire can permit nontechnical individuals to launch cyber attacks, with a degree of deniability, lowering the barriers to entry for online crime,” he said.
Mr. Goldstein writes that “the website, which is registered in New Zealand, is modeled after several online businesses in which companies seeking freelancers can put projects out to bid. Some have compared the service to a hacker’s version of the classified advertising website — Craigslist. Hacker’s List even has a Twitter account (@hackerslist), where it announces the posting of new hacking assignments.”
“Still,” Mr. Goldstein adds, “the three founders of Hacker’s List are not willing to go public with their own identities — at least not yet. After registering with the website and beginning an email conversation, a reporter contacted one of the founders. Over a period of weeks, the founder, who identified himself only as, “Jack,” said in a series of emails, that he and two friends founded Hacker’s List and that it was based in Colorado. Jack described himself as a longtime hacker, and said that his partners included a person with a master’s degree in business administration; and, a lawyer.” ‘Jack,’ said that “the three were advised by legal counsel on how to structure the website to avoid liability for any wrong-doing by people either seeking to hire a hacker, or by hackers agreeing to do a job. The company, he said, tries to do a small background check on the hackers bidding on jobs to make sure they are legitimate and not swindlers.”
“We all have been friends for a while,” Jack said, in an email to the new York Times, adding that Hacker’s List “was kind of a fluke occurrence over drinks one night. We talked about a niche; and, I built it right there,” he added. “It’s kind of exploded on us, which was never expected.”
“Hacker’s List began its website several months after federal prosecutors and FBI agents in Los Angeles completed a two-year crackdown on the hacker-for-hire industry. The investigation called Operation Firehacker, by the FBI, led to the filing of criminal charges against more than a dozen people across the country — involved in either breaking into a person’s email account, or soliciting a hacker for the job.”
“In New York, information uncovered during the investigation in Los Angeles, led to the arrest in 2013 of Edwin Vargas, a New York Police Department detective — at the time — who was charged with paying $4,000 for the hacking of the email accounts of 43 people, including current, and former New York police officers. Mr. Vargas, who pleaded guilty in November 2013; and, was sentenced to four months in prison, said he had been motivated by jealousy, and wanted to see whether any of his colleagues were dating an ex-girlfriend — who is the mother of his son.”
“The FBI investigation also involved the cooperation of the authorities in China, India, and Romania, because a number of websites where the hackers advertised their experience were based overseas. Still,” Mr. Goldstein says, “the hackers, many of whom comply with the law and act more like online investigators, shows no signs of slowing. Many companies are hiring so-called ethical hackers to look for weaknesses in their networks.”
David Larson, a Director of Operations with NeighborhoodHacker.com, which is incorporated in Colorado, said, he had seen an increased demand from companies looking to make sure their employees are not obtaining sensitive information through hacking. He said in an email to the New York Times, that companies were increasingly focused on an “insider threat,” leading to a breach, or unauthorized release of information.”
“On the website, NeighborhoodHacker describes itself as a company of “certified, ethical hackers,” that works with customers to “secure your data, passwords, and children’s salary.”
Most of what this seems to be about is pretty petty stuff. Anything that costs only $100, to $5,000 is certainly more than a nuisance — if you are the one targeted; but, in the big scheme of things — this is not all that troublesome, in my opinion. When it gets out of hand, law enforcement will act. It is the “black” hacker-for-hire sites, in the dark side of the Internet — where anonymity, sophisticated encryption, and third-party cutouts/disguised routers. etc. — where the real threat lies.
We have already seen what the lone wolf and small group terrorist cells are capable of — in the aftermath of the events in France, Canada, and Australia — not to mention the Boston Marathon bombing. Now, think of a “Dr. No,” or a Cyber serial killer, or cyber thieves who are gaining access to sensitive mergers and acquisition’s/proprietary information — for a trading advantage on Wall Street — and, you have the makings of a serious and more profound cyber threat. Much as the hired gun traveled the old West as a “hired gun,” we now are beginning to see the burgeoning of a similar phenomena in the cyber/digital world. Where this all ends up — is anyone’s guess.
Finally, despite their pledge that the carefully vet the seekers of a cyber hack — how does Hacker’s List, or any other similar type ‘company,’ really know that ISIS, or al-Qaeda, or others who wish us harm, won’t also take advantage of their ‘services.’ After all, Hacker’s List isn’t the only side in this equation that is shielding their true identity. V/R, RCP