Skip to main content

Hacker Selling Access to Gov Websites for $500

Security firm Imperva said last week that sixteen government, military and educational websites have been hacked are now up for sale for anyone wanting to take control.

The firm originally stumbled across this revelation while scanning through underground forums. One hacker was discovered to be offering full control of a website used by the U.S. Army's Communications-Electronics Command (CECOM), granting virtual keys to the backdoor for just under $500 bucks.

And that's just for starters. According to Noa Bar-Yosef, Imperva senior security strategist, this particular hacker also claims he has control over numerous additional websites owned by the military, the government and universities. The price to gain access to these websites depend on their importance and level of use, ranging from $33 to $499.

"You can actually buy the capability of being the administrator of the website," she told Computerworld, adding that databases of personal information are also up for grabs at $20 per thousand records-- one case even reveals a data pack of 300,000 people up for a hefty price.

The hacker in question is reportedly using SQL injection to gain access to the websites. According to the Wikipedia definition, this is "a code injection technique that exploits a security vulnerability occurring in the database layer of an application." Typically hackers look for poorly-written web pages sporting search boxes and/or data-entry forms that connect with back-end databases. Hackers then use an automated tool to sneak database commands in through those faulty pages.

Although Imperva marked out the list of website names that are up for sale, security blogger Brian Krebs posted a screenshot of the forum post unedited, revealing sites such as the University of South Carolina in Beaufort, the Department of Defense Pharmacoeconomic Center, the State of Utah's official website and more.

"Amid all of the media and public fascination with threats like Stuxnet and weighty terms such as 'cyberwar,' it’s easy to overlook the more humdrum and persistent security threats, such as Web site vulnerabilities," he said. "But none of these distractions should excuse U.S. military leaders from making sure their Web sites aren’t trivially hackable by script kiddies."

  • fayzaan
  • dogman_1234
    The Internet has become a game. Pretty soon we will be playing a cat-and-mouse game with each other for world domination. But, that is just a conspiracy.

    I can see the headlines:

    "Pentagon Up For Sale For 500 Thousand!"
  • joelmartinez
    Pwned, no fan of hacking though I got pretty pissed off when one of those dirtbags tried to mess with me.
  • droidnet
    Ha ha ha and pretty soon corporate networks will be for sale as well - now you will be able to make some money off of those.
  • micr0be
    if i'd sold my sql injection entries i'd be rich by now ... but that would mean breaking rule #1
    what a pathetic way to make money.

    p.s if anyone is wondering yes government sites are sometimes easier to get into then online blog sites.
  • JD13
    Do you want to play a game?

    Does that rings any bells?

    That's cheap, compared to how much trouble they can get into for doing it.
  • mayankleoboy1
    "Pentagon Up For Sale For 500 Thousand!"

  • hardcore_gamer
    good news for michael western
  • alyoshka
    Looks like Die Hard 4 is going to happen someday real soon.....
  • fjiekie
    not really, these are just websites, not something too important
    (ok, they have personal information, but they cant change anything (hoping they have backups of the databases...))