Hackers Caught Selling Remote Access Security Systems to Airport on the Dark Web for Only $10

Sieeka Khan, Tech Times 11 December 2020, 07:12 am

Believe it or not, for only $10, you can purchase the remote access security system to a major international airport in a hacker marketplace.

Hacker sites

A Russian-language site has been selling access to thousands of hacked computers, including those that are connected to an airport's security and building automation systems in the United States, according to The Verge.

The cybersecurity firm McAfee was the one that noticed the sale, and has been investigation underground marketplaces that specialize in selling remote access to numerous compromised servers around the country.

Also Read: Cit0day Leak: Around 13 Billion User Files from 23,000 Hacked Databases Shared in Two Hacking Forums

For years, Microsoft has been offering system administrators a way that they can control other company computers via the Remote Desktop Protocol or the RDP.

However, the RDP-enabled systems have also become a target for numerous cybercriminals, who then use them for different hacking schemes.

The Ultimate Anonymity Services, the Russian-language marketplace, has been offering access to almost 40,000 RDP systems, according to a blog post by McAfee. Thousands are Windows-based servers and some of them are based in the United States.

McAfee said that prices ranged from $3 for a simple configuration to $19 for high-bandwidth system that gives access with administrator rights.

Security systems are compromised

So how were hackers able to compromise so many servers? The whole process not as complicated. According to McAfee, hackers can simply scan the internet for systems that accept RDP connections and launch a brute-force attack with well-known password-cracking tools.

The hackers can then sell their steals on a marketplace, mostly on the dark web, and it fuels cybercrime. A compromised server can be used as a launching pad to create spam email, it can send out malware or it can mine cryptocurrency.

In more horrible schemes, hackers steal all of the data from a compromised server or infect it with ransomware. This can leave the system's owner to deal with the massive consequences that usually involves fraud and identity theft.

McAfee stated that in the case of the vulnerable airport system, it was simply sold as access to a Windows-based server. But the security firm began investigating further and noticed that it used IP addresses from a major airport.

The same server was also exposed on the open internet and it has user accounts relating to two companies that specialize in airport security.

Even though the incident is very worrisome, the underground marketplaces that sell RDP access to hacked servers have been around for the past few years.

McAfee recommends that system administered use complicated passwords and at least two-factor authentication on computers that has remote access. RDP connections should also be firewalled and there should be regular checks made in order to lookout for unusual login attempts.

In October 2020, NBC News reported about Trustwave, a cybersecurity company, that caught a hacker offering 186 million voter records from the United States and 245 million records of personal data on the dark web.

The company monitors dark web forums for any threat information, and it came across a hacker named Greenmoon2019 who was offering the data, and the hacker used Bitcoin wallet to collect the payment.

The FBI is currently investigating the case.