If you want access to a government website, you don’t need to be a computer savvy spy. You just need enough cash to pay a hacker to do the technical heavy lifting for you. According to the data security firm Imperva, one such hacker is now selling access to government, military, and education websites around the world — and for relatively little money.
Access to European and U.S. websites is being sold for prices ranging from $55 to $499. Screenshots posted on Imperva’s blog show that access to the website of the U.S. Army costs $499 for control of ” full site admin” and “high level informations.” The National Guard’s site is also $499 and includes “MySQL root access.” The U.S. Department of Defense’s website access is listed at $399 for control of “full site admin, control/root access, high value informations.”
“The victims’ vulnerabilities were probably obtained by SQL injection vulnerability automatic scanner and exploited in automatic manner, as the hacker published his methods in a post in some hacker forum,” Imperva said in a blog post.
In addition to website access, the unnamed hacker is also dealing in entire website databases that include names, e-mail addresses, phone numbers and street addresses. The database information can be had for $20 per 1,000 names. A screenshot posted by Imperva reveals that the information from the University of Connecticut is among the databases that are up for sale.
While some are suspecting a scam, at least one security expert thinks that the hacks are genuine. “I’ve seen some of the back-end evidence of his hacks, so it doesn’t seem like he’s making this up,” says former Washington Post reporter Brain Krebs in a blog post.
In addition to site access, the hacker will also ply his trade on “normal” and “high profile” websites, charging $9.99 for the service and $2 for a report on vulnerabilities.