Skip to main content

Hackers can purchase government login credentials for cheap on the dark web

McAfee’s Advanced Threat Research team recently discovered that hackers have access to many organizations that have weak credentials when using Microsoft’s Remote Desktop component in Windows-based systems. Access to these organizations — whether it’s an airport, a hospital or the U.S. government — can be bought for little money through specific shops on the dark web.

Microsoft’s Remote Desktop Protocol (RDP) essentially allows you to connect and use a Windows-based PC from a remote location. When those login credentials are weak, hackers can use brute force attacks to gain the username and password for each connection. McAfee found connections up for sale across various RDP shops on the dark web ranging between a mere 15 to a staggering 40,000 connections.

“The advertised systems ranged from Windows XP through Windows 10,” says John Fokker, McAfee’sHead of Cyber Investigations. “Windows 2008 and 2012 Server were the most abundant systems, with around 11,000 and 6,500, respectively, for sale. Prices ranged from around $3 for a simple configuration to $19 for a high-bandwidth system that offered access with administrator rights.”

Among the list of devices, services and networks on the menu are multiple government systems on sale worldwide, including those linked to the United States. The team found connections to a variety of healthcare institutions including medical equipment shops, hospitals, and more. They even found access to security and building automation systems at a major international airport selling for a mere $10.

The problem doesn’t just revolve around desktops, laptops, and servers. Internet of Things devices based on Windows Embedded are also on the menu such as point-of-sale systems, kiosks, parking meters, thin client PCs and more. Many are overlooked and not updated, making them a quiet entryway for hackers.

Black market sellers gain RDP credentials by scanning the internet for systems that accept RDP connections, and then use tools like Hydra, NLBrute and RDP Forcer to attack the login using stolen credentials and password dictionaries. Once they successfully log into the remote PC, they don’t do anything but put the connection details up for sale.

After hackers pay for a connection, they can bring a corporation down to its knees. For instance, a hacker could pay a mere $10 for a connection, infiltrate the network to encrypt the files of every PC, and demand a $40,000 ransom. Compromised PCs can also be used to deliver spam, misdirect illegal activity and mine cryptocurrency. Access is also good for stealing personal information and company trade secrets.

“We found a newly posted Windows Server 2008 R2 Standard machine on the UAS Shop,” Fokker writes. “According to the shop details, it belonged to a city in the United States and for a mere $10 we could get administrator rights to this system. UAS Shop hides the last two octets the of the IP addresses of the systems it offers for sale and charges a small fee for the complete address.”

The solution, according to McAfee, is that organizations need to do a better job at checking all their virtual “doors and windows” so hackers can’t sneak in. Remote access should be secure and not easily exploitable.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
If you want to buy an RTX 4090, now might be your last chance
Nvidia GeForce RTX 4090 GPU.

There's no disputing that the RTX 4090 is one of the best graphics cards you can buy, but now might be your last chance to buy it. According to members of the Board Channels forum (via VideoCardz), Nvidia has discontinued the graphics card and will stop fulfilling new orders this month.

We saw this coming. Last month, members of the Board Channels forums signaled that Nvidia was getting ready to discontinue the RTX 4090 to make way for next-gen RTX 50-series GPUs. Nvidia hasn't said it's discontinuing the card, and it likely won't, but some regions are already experiencing shortages and increased prices. The German outlet PC Games Hardware writes: "It is now becoming increasingly clear that the GeForce RTX 4090 ... will soon have reached its end of lifetime," following high prices and "increasingly poor availability" in the region.

Read more
How to use iPhone Mirroring on your Mac
Apple's Craig Federighi demonstrates the iPhone Mirroring feature in macOS Sequoia at the Worldwide Developers Conference (WWDC) in June 2024.

Earlier this year, Apple introduced iPhone Mirroring. This macOS Sequoia feature puts a mirrored version of your iPhone right on your Mac’s desktop, enabling you to interact with your iPhone without ever needing to have it in your hands. You can open iOS apps, send emails, change settings, and much more, all from the comfort of your Mac.

Read more
How to install an Intel processor
Installing your first Intel processor? Follow these simple steps to do it right
Coffee Lake

Choosing the best new CPU is a big deal, but once you've done it, you'll need to install the device.

Installing an Intel CPU is just as easy as installing an AMD one, with some minor caveats that make it a little different. You'll need a few pieces of equipment before we get started, but nothing that will cost you more than a few dollars.
Step 1: Prepare your tools

Read more