Photo: App Store
A Russian company called “dedicated express” is selling access to private company servers for as little as $4, according to a recent report.Security investigative journalist Brian Krebs said in a post on his website krebsonsecurity.com Oct. 22, “The service I examined for this post currently is renting access to nearly 17,000 computers worldwide, although almost 300,000 compromised systems have passed through this service since its inception in early 2010.”
Krebs says the problem stems from corporations use of ‘remote access’ networks, which allow workers to access their corporate desktops from home. The service is called Remote Desktop Protocol, and it’s built into Microsoft Windows “to give users graphical access to the host’s PC desktop.”
Experts in the research community as well as in cyber security fields have raised increasingly dire warnings about U.S. cyber security. Two particularly thin skinned areas they mentioned most were infrastructure, as well as outdated networks open to employees for remote access.
Jarno Limnell, a cyber security expert, recently told Business Insider, “”Cyberwarfare is like Wild West right now, there’s a huge lack of norms and rules.”
Photo: via dedicatedexpress.com
This lack of norms couldn’t be exemplified any better than by this Russian website, which gleefully markets illegal access to American servers and even promises customer support if any problems occur.They are not the only guilty party though, the U.S. is anything but a hard target. It only took getting to the letter C on an alphabetical list before Krebs found a Fortune 500 website on the “dedicated express” site. It was Cisco. Their username? “Cisco”. Password? You guessed it: “Cisco.”
“A contact at Cisco’s security team confirmed that the hacked RDP server was inside of Cisco’s network; the source said that it was a “bad lab machine,” but declined to offer more details,” wrote Krebs.
The company can hardly blame “hackers” for stumbling on to such an obvious username and password scheme. A more complete guide for protecting usernames and passwords can be found here.
The service, according to the report, doesn’t sell any hacks to Russian companies “probably because its proprietors are from that country and do not wish to antagonize Russian law enforcement officials.”
Business Insider Emails & Alerts
Site highlights each day to your inbox.