Skip to main content

Hackers can purchase government login credentials for cheap on the dark web

McAfee’s Advanced Threat Research team recently discovered that hackers have access to many organizations that have weak credentials when using Microsoft’s Remote Desktop component in Windows-based systems. Access to these organizations — whether it’s an airport, a hospital or the U.S. government — can be bought for little money through specific shops on the dark web.

Microsoft’s Remote Desktop Protocol (RDP) essentially allows you to connect and use a Windows-based PC from a remote location. When those login credentials are weak, hackers can use brute force attacks to gain the username and password for each connection. McAfee found connections up for sale across various RDP shops on the dark web ranging between a mere 15 to a staggering 40,000 connections.

“The advertised systems ranged from Windows XP through Windows 10,” says John Fokker, McAfee’sHead of Cyber Investigations. “Windows 2008 and 2012 Server were the most abundant systems, with around 11,000 and 6,500, respectively, for sale. Prices ranged from around $3 for a simple configuration to $19 for a high-bandwidth system that offered access with administrator rights.”

Among the list of devices, services and networks on the menu are multiple government systems on sale worldwide, including those linked to the United States. The team found connections to a variety of healthcare institutions including medical equipment shops, hospitals, and more. They even found access to security and building automation systems at a major international airport selling for a mere $10.

The problem doesn’t just revolve around desktops, laptops, and servers. Internet of Things devices based on Windows Embedded are also on the menu such as point-of-sale systems, kiosks, parking meters, thin client PCs and more. Many are overlooked and not updated, making them a quiet entryway for hackers.

Black market sellers gain RDP credentials by scanning the internet for systems that accept RDP connections, and then use tools like Hydra, NLBrute and RDP Forcer to attack the login using stolen credentials and password dictionaries. Once they successfully log into the remote PC, they don’t do anything but put the connection details up for sale.

After hackers pay for a connection, they can bring a corporation down to its knees. For instance, a hacker could pay a mere $10 for a connection, infiltrate the network to encrypt the files of every PC, and demand a $40,000 ransom. Compromised PCs can also be used to deliver spam, misdirect illegal activity and mine cryptocurrency. Access is also good for stealing personal information and company trade secrets.

“We found a newly posted Windows Server 2008 R2 Standard machine on the UAS Shop,” Fokker writes. “According to the shop details, it belonged to a city in the United States and for a mere $10 we could get administrator rights to this system. UAS Shop hides the last two octets the of the IP addresses of the systems it offers for sale and charges a small fee for the complete address.”

The solution, according to McAfee, is that organizations need to do a better job at checking all their virtual “doors and windows” so hackers can’t sneak in. Remote access should be secure and not easily exploitable.

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Save $400 on this Dell PC with an RTX 4070, 32GB of RAM, 1TB SSD
The Dell XPS desktop on a table.

If you're willing to spend on desktop computer deals for a machine that will offer flagship performance for all of your needs, it's highly recommended that you go with the Dell XPS Desktop 8960. This certain configuration that's on sale from Dell will let you enjoy savings of $400 on its original price of $2,250, so you'll have to pay $1,850 -- it's still not cheap, but it's going to be worth every single penny at this discounted price. You're going to have to be quick though -- this is a clearance sale, so there's no telling when the offer expires and when stocks will run out.

Why you should buy the Dell XPS Desktop 8960
The Dell XPS Desktop 8960 isn't just an excellent PC -- it's our top pick among the best desktop computers for its flexibility to accommodate almost any budget and purpose. This particular model of the PC features the 13th-generation Intel Core i9 processor, the Nvidia GeForce RTX 4070 graphics card, and 32GB of RAM, which will make it more than enough to tackle even the most demanding tasks, while also offering high-end gaming potential to play the best PC games for whenever you need to take a break from work.

Read more
Best color laser printers for 2024: tested and reviewed
A Brother printer on a counter in front of a brick wall.

The best color laser printers can be a great investment, saving you quite a bit of time and money. For shoppers worried about the long-term ink costs, you'll find color laser printers surprisingly affordable. Laser printers use toner, which lasts a very long time, delivering a low cost per page for monochrome documents and fast color prints. The best color laser printers offer quick performance and reliability to help keep your home office or small business productive.

If you need to scan documents for record-keeping and photo capture or want the convenience of a color copier, an all-in-one color laser printer is an essential tool for your small business or personal use. For a small added cost, you get expanded capabilities. That's why every model on this list is an all-in-one from the best printer brands.

Read more
The 5 best Wi-Fi adapters for PC in 2024
The Ugreen AC1300 Wi-Fi adapter in a desktop PC.

Whether you're designing it yourself or getting a pre-built PC, it can be easy to get a computer and realize that it doesn't have a native Wi-Fi adapter. Or, maybe it does, but you're internet speeds are getting faster, game downloads are getting bigger, you've already upgraded your router and need an adapter to match your newfound power requirements. No matter the situation, an external Wi-Fi adapter that you can add to your PC setup or even laptop setup will be worth your time. Here, we investigate the best Wi-Fi adapters for PC use. Most are incredibly affordable and just snap into a free USB port and start working.
The best Wi-Fi adapter for PC in 2024

Buy the

Read more