Marketplace for hacked-server sales may be much bigger than reported

A marketplace for hijacked servers may have been more than twice as large as previously reported.

Last week, international software security firm Kaspersky Lab announced it had discovered an online marketplace for hacked servers called xDedic. The marketplace, which allowed anyone to purchase access to servers for as little as $6, has since been shut down. 

One day after Kaspersky reported that the marketplace had stocked access to more than 71,000 servers, it received a tip via Twitter that led it to an even larger list of IP addresses.

According to a company blog post, the list contained 100,000 new servers allegedly sold on the xDedic site, including IP addresses for sale between 2014 and February 2016. Kaspersky had previously only looked at IPs for sale from the end of March and beyond.

The company acknowledged that the tip was suspicious. 

“We usually take such comments with a pinch of salt and generally don’t pay too much attention to comments with strange links,” it wrote in the blog post.

But if authentic, the list dramatically changes the known scope of the xDedic site.

It also gives a sense of the inventory turnover rate for hijacked servers. Fewer than 18,000 of the IP addresses in stock in February were still available in March. 

Criminals can use such a server as an outpost to launch further cyber attacks or for data hosting, or can scour such sites for valuable information. 

Servers make a particularly valuable addition to networks of hijacked computers used in synchronized attacks known as botnets. 

Sens. Lindsey Graham (R-S.C.), Sheldon Whitehouse (D-R.I.), and Richard Blumenthal (D-Conn.) have repeatedly introduced legislation to prevent the formation of botnets.

Civil liberties groups and many researchers have repeatedly argued against the proposal, saying it permits unauthorized government agents to hack infected computers and potentially hampers research into security vulnerabilities. 
