Hackers can purchase government login credentials for cheap on the dark web

McAfee’s Advanced Threat Research team recently discovered that hackers have access to many organizations that have weak credentials when using Microsoft’s Remote Desktop component in Windows-based systems. Access to these organizations — whether it’s an airport, a hospital or the U.S. government — can be bought for little money through specific shops on the dark web.

Microsoft’s Remote Desktop Protocol (RDP) essentially allows you to connect and use a Windows-based PC from a remote location. When those login credentials are weak, hackers can use brute force attacks to gain the username and password for each connection. McAfee found connections up for sale across various RDP shops on the dark web ranging between a mere 15 to a staggering 40,000 connections.

“The advertised systems ranged from Windows XP through Windows 10,” says John Fokker, McAfee’sHead of Cyber Investigations. “Windows 2008 and 2012 Server were the most abundant systems, with around 11,000 and 6,500, respectively, for sale. Prices ranged from around $3 for a simple configuration to $19 for a high-bandwidth system that offered access with administrator rights.”

Among the list of devices, services and networks on the menu are multiple government systems on sale worldwide, including those linked to the United States. The team found connections to a variety of healthcare institutions including medical equipment shops, hospitals, and more. They even found access to security and building automation systems at a major international airport selling for a mere $10.

The problem doesn’t just revolve around desktops, laptops, and servers. Internet of Things devices based on Windows Embedded are also on the menu such as point-of-sale systems, kiosks, parking meters, thin client PCs and more. Many are overlooked and not updated, making them a quiet entryway for hackers.

Black market sellers gain RDP credentials by scanning the internet for systems that accept RDP connections, and then use tools like Hydra, NLBrute and RDP Forcer to attack the login using stolen credentials and password dictionaries. Once they successfully log into the remote PC, they don’t do anything but put the connection details up for sale.

After hackers pay for a connection, they can bring a corporation down to its knees. For instance, a hacker could pay a mere $10 for a connection, infiltrate the network to encrypt the files of every PC, and demand a $40,000 ransom. Compromised PCs can also be used to deliver spam, misdirect illegal activity and mine cryptocurrency. Access is also good for stealing personal information and company trade secrets.

“We found a newly posted Windows Server 2008 R2 Standard machine on the UAS Shop,” Fokker writes. “According to the shop details, it belonged to a city in the United States and for a mere $10 we could get administrator rights to this system. UAS Shop hides the last two octets the of the IP addresses of the systems it offers for sale and charges a small fee for the complete address.”

The solution, according to McAfee, is that organizations need to do a better job at checking all their virtual “doors and windows” so hackers can’t sneak in. Remote access should be secure and not easily exploitable.

Emerging Tech

NASA wants help coming up with ways to get rid of astronauts’ space trash

NASA is looking for outside organizations to help it come up withnew ways to dispose of astronauts' garbage for space missions. It's space exploration for the crowdsourcing generation!
Computing

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.
Computing

The best Windows apps

Not sure what apps you should be downloading for your newfangled Windows device? Here are the best Windows apps, whether you need something to speed up your machine or access your Netflix queue. Check out our categories and favorite picks!
Deals

Here’s how to get the most out of your Amazon Prime subscription

In light of the recent price increase for Amazon Prime, you may as well squeeze as much as you can out of it. Here's a quick rundown of everything you have access to with a Prime membership.
Computing

Chrome is still our favorite browser (but Firefox is catching up!)

Choosing a web browser for surfing the web can be tough with all the great options you have out there. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most…
Computing

Netgear says exploit that led to stolen documents was fixed a long time ago

Hackers were able to steal classified military training and maintenance documents following a breach of a standard Netgear router that still maintained the default administrator password.
Computing

Facebook wants to own your face. Here’s why that’s a privacy disaster

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity. Scanning your face is easier than remembering a password, that’s for sure. But while facial recognition technology has gone mainstream with…
Mobile

Apple's third iOS 12 beta may help you save a lot of data

At this year's Worldwide Developer Conference, Apple unveiled its latest operating system, iOS 12. From app updates to group FaceTime, ARKit 2.0, and more, here are all the new features in iOS 12.
Gaming

How to connect your phone to an Xbox One

Microsoft's Xbox app can't do it all, but it does allow you to access your profile information and launch media content directly from your mobile device. Check out our quick guide on how to connect your smartphone to an Xbox One.
Computing

Alexa for PC invades your notebook, signs a truce with Cortana

We took a look at Alexa for PC running on the first notebook to ship with Amazon's digital assistant pre-installed, the Acer Spin 5 convertible 2-in-1. Does she add value to the Windows 10 platform?
Home Theater

From the Roku Ultra to the Fire TV Cube, these are the best streaming devices

There are more options for media streamers than ever, so it’s more difficult to pick the best option. But that’s why we're here. Our curated list of the best streaming devices will get you online in no time.
Computing

Lost without Print Screen? Here's a few ways to take a screenshot on your Mac

Whether you prefer to use keyboard shortcuts or applications such as Grab and Preview, this guide will teach you how to take a screenshot on a Mac. Once you know how, you'll be able to capture images within seconds.
Computing

VR is in a tailspin, and the sales numbers prove it

VR is the future! Except if you look at the data. Sales of the biggest VR headsets, including the HTC Vive, PlayStation VR, and Oculus Go, are all declining. What does it mean for the state of VR, and where do we go from here?
Gaming

‘Pokémon Go’ to jail: Japanese man accused of selling modding accessories

Japanese police have arrested a man accused of selling modified Pokémon Go accessories that allow players to interact with the game without having to do anything but walk by an area.
Smart Home

eBay will give you a free Google Home Mini with any $119 purchase

Google is having a sale, Amazon is having a sale, and now, eBay is having a sale, too. If you're looking for a new smart speaker for your smart home, you can now get a Google Home Mini for free with any purchase of $119 on eBay.
Gaming

Want to play games in peace? Here's how to appear offline on the Xbox One

Sometimes, you just don't want to be bothered while you're playing video games. If you're having one of those reclusive days, we have instructions on how to appear offline on Xbox One.
Computing

The launch of the new MacBook Pro has been a complete disaster

Apple has flubbed what should've been a simple processor bump for the MacBook Pro. From issues with pricing and CPU throttling to the keyboard, the MacBook Pro is in an even worse position than before the update.
Computing

Installing fonts in Windows 10 is quick and easy -- just follow these steps

Want to know how to install fonts in Windows 10? Here's our guide on two easy ways to get the job done, no matter how many you want to add to your existing catalog, plus instructions for deleting fonts in the process.
Computing

Millions of health records may be at stake in ransomware attack

LabCorps revealed that it was a victim of a data breach, and the FBI confirmed it was notified of a ransomware attack. With millions of health records at stake, it's still unclear what information, if any, the attackers accessed.
Computing

Congressman says we should be banned from mining, using cryptocurrency

Congressman Brad Sherman believes the government should prohibit U.S. citizens from mining and using cryptocurrency. As a medium of exchange, cryptocurrencies facilitate narcotics trafficking, terrorism, and tax evasion.
Computing

Apple quietly confirms 2018 MacBook Pro keyboard ships with anti-debris design

Apple appears to have a permanent fix in place to address the MacBook Pro's sticky key problem when it announced the 2018 refresh. But the fix won't be coming to the company's older notebooks, leaving existing owners out in the cold.
Computing

Tired of choosing between Windows and Mac? Check out these Chromebooks instead

We've compiled a list of the best Chromebooks -- laptops that combine great battery life, comfortable keyboards, and the performance it takes to run Google's lightweight Chrome OS. From Samsung to Acer, these are the Chromebooks that really…
Mobile

Fuchsia could eventually replace Android, but it's years away from doing so

Details have emerged about a new operating system Google's developers are working on dubbed Fuchsia OS. Here's everything we know about Google's mysterious new operating system so far.