Hackers for HireFebruary 2, 2010 - 1:59 PM | by: David Lee Miller
They go by names such as Piratecrackers, Yourhackers and Slickhackerz. Although illegal, a handful of internet services brazenly advertise that for a usual hundred dollar fee they can obtain almost any email password. One site boasts that it provides an ideal way to catch a cheating spouse or significant other.
George Washington University Law professor, Orrin Kerr who worked as a prosecutor specializing in computer crime said although these services are breaking the law, prosecuting them is “a low priority for law enforcement.” According to Kerr the crimes are hard to investigate because “not many victims know they have been victimized.”
Internet security consultant Kevin Mitnick, said these hackers for hire use “social engineering” rather than technology to hack into a victim’s email account. In other words they use elaborate trickery to fool people into revealing their passwords. Mitnick should know. He was once the FBI’s most wanted hacker. After serving five years in prison he turned his life around.
In order to expose how these hacker services work, Mitnick set up an email account for a fictitious girlfriend. He then asked the hackers to steal the password. Before the hackers could go to work they requested additional information. Mitnick received an email asking for the name of someone who was his girlfriend’s close friend.
According to Mitnick’s investigation, the hackers then send the intended target an electronic greeting card that appears to come from someone they know. By clicking on the link to view the e-greeting the victim is redirected to what looks like the sign on page for Google, AOL or whatever service the victim uses for email.
The site is a phony created by the hackers. Since the target is already signed into an email account re-entering a password should not be required. According to Mitnick, most people don’t hesitate to sign on again and re-enter their password. What they are really doing is sending it to the hackers.
The deception is called phishing. In order not to arouse any suspicion, the fake web site even produces the promised e-greeting, complete with music and animation.
Recognizing that potential customers might be understandably reluctant to pay prior to getting the hacked password, all of the hacking services ask for payment only after they provide proof of their success. Such proof can be a screen snap shot revealing the contents of the hacked account.
While law professor Kerrr said the hackers and the people who hire them are breaking the law, there is another reason not to employ hacking services. In some instances, Mitnick said the hackers threaten to contact the person hacked and to expose whoever hired them unless paid an additional fee. He says what began as email theft elevates to “cyber-extortion.”
In order to prevent falling victim to this or a similar scam Mitnick advises checking the browser address bar to confirm you are on the correct web page and not a lookalike. He also warns that if you have been re-directed from one site to another never enter a password or personal information.