Imperva, a data security firm, discovered a hacker is selling alleged access to military, government and educational sites across the globe. Prices range from $499 for U.S. military websites to $55 for MySQL root access to the State of Michigan website.
Imperva thinks the hacker was able to gain access through a code injection technique.
“The victims’ vulnerabilities were probably obtained by SQL injection vulnerability automatic scanner and exploited in automatic manner, as the hacker published his methods in a post in some hacker forum,” Rob Rachwald wrote in a post on the Imperva Data Securities Blog. (Good thing these guys are keeping an eye on the seedy underbelly of the Web.)
Former Washington Post reporter Brian Krebs thinks the hacks are legit.
“I’ve seen some of the back-end evidence of his hacks, so it doesn’t seem like he’s making this up,” he writes on his KrebsOnSecurity blog.
Thanks to a few mostly unaltered screenshots from Krebs’ blog, we can see that the hacker is making more services available to those willing to pay.
The hacker will also “hack a normal website,” scan a site for vulnerabilities for $2 and give you 3MB of random hacked accounts for $65. Check out the screenshot below to see his or her full portfolio of offerings.