If you’ve ever wanted to break into your partner’s email, or access a friend’s Facebook account, you can now pay a hacker to do it for you. A controversial website named Hacker's List matches hackers with members of the public who need help accessing sensitive information.
On the anonymously set up site, a so-called 'employer' posts what task they need carried out and hackers then bid for the work.
All members are listed anonymously, but have to provide an email and physical address during the registration process.
However a user could, in theory, get round revealing their identity by using a PO Box address and an alias, for example.
Jobs range from logging into school and university databases to change grades, hacking into email and Facebook accounts to see if someone is cheating, or removing defamatory blog posts and images.
Hacker’s List also has a Twitter account, using the handle @hackerslist, where it posts new hacking assignments.
One assignment on the site reads: ‘Seeking authentic professional with capabilities for two things: Remove content and image from online, or de-index online report.
'Either of these will be acceptable.
‘This assignment is very, very crucial to me and as such only individuals with experience and capabilities should contact this ad.’
This employer is offering between $300 (£198) and $4,000 (£2,640) for the job.
Another reads: ‘Defamatory blog post removal de-indexing: A blog comes up on Google.
'It quoted defamatory information from 20 years ago and [is] now costing me jobs, business and my kids to be bullied.
‘Need this permanently solved by being dropped from [number one] on search.’
The site said: ‘Hiring a hacker shouldn't be a difficult process.
‘At Hacker's List we want to make the process simple and worry free.
‘We want to make everyone as comfortable as possible when it comes to payments, privacy and quality of work.’
Some of the jobs being posted on Hacker’s List are illegal, such as accessing email and Facebook accounts without permission, but the site told the New York Times that it is 'insulated from any legal liability because [it] neither endorses nor condones illegal activities.’
The specific laws under which they are governed depend on the country in which the activity is taking place.
And its terms and conditions say use of the service ‘for any illegal purposes, including, without limitation, prostitution and/or solicitation’ is forbidden.
Adding: ‘We reserve the right, but have no obligation, to monitor all interactions between you and other users of our service and to take any action in good faith to restrict access to or the availability of any material that we or another user of our service may consider to be illegal, obscene, lewd, lascivious, filthy, excessively violent, harassing or otherwise objectionable.’
The legitimacy of the jobs being posted, and bids, have also not been verified, and there are numerous spelling mistakes across the site. But the site explained it has dispute resolution specialists if a job fails, that all payments are discreet, and it uses ‘strict privacy controls’.
Some critics believe the site could also be a hoax.
Raj Samani, EMEA chief technology officer at Intel Security said: 'The introduction of Hackers List is further evidence that today’s cybercriminals require no technical knowledge, as the necessary technical skills can easily be outsourced.
'Regarding this particular site there have been question marks regarding its authenticity, but it does clearly demonstrate the general demand in hiring hackers.'
Computer security expert Graham Cluely told MailOnline: ‘It's clear from a quick perusal of Hacker’s List that although there are, without doubt, some ethical hackers and penetration testers up there who are acting within the law, it is also a thriving marketplace for computer crime. ‘Hacker's List is a site for those with no ethics and no IT skills.’
Penetration testing is carried out by websites, for example, to test how secure their sites are.
Firms will hire hackers to attempt to infiltrate their networks and highlight flaws.
As long as the request comes from the site owner, this is legal.
Mr Cluely added that he gets emails from internet users asking how to hack their way back into accounts, and some ask how to hack into their partner’s accounts.
‘Of course, all of these activities are illegal and offences under computer crime laws,’ he continued.
‘Hackers List's acceptable use policy claims that you cannot use its services for any activities which breaks the law, it relies on users reporting abuse rather than actively policing and vetting postings.
‘Of course, it shouldn't be forgotten, Hacker's List makes money every time a job is completed.
‘If hacking Facebook accounts and attacking websites are among the most common listings on the site, they may be very tempted to turn a blind eye to such activities as it helps the site's owners earn cash.’
An online search reveals the domain is registered by someone called David Harper, listed in ‘Wellington, CO’, which suggests the site is based in Colorado, but the country is listed as New Zealand.
The address is a PO Box and the phone number is not active.
The IP location, on the other hand, is shown in Los Angeles because the registrant is using Cloudflare and Google-hosted mail services. A blog post from a site called Hackerslisted has described its attempts to identify the founders, and the confusion about where the site is based.
No comments:
Post a Comment