From Anonymous to Lulzsec to the Syrian Electronic Army, we are currently being bombarded with news of high-profile hackers and their high-minded exploitation of Web weaknesses. They often seem to be motivated by political ideals, or revenge, or the desire to make mischief and show off. So it’s easy to forget that the most powerful motivator of all is, of course, money.
Just last week, a Pennsylvania man, 24-year-old Andrew James Miller, pleaded guilty to one count of conspiracy and two counts of computer intrusion. From 2008 to 2011, Miller allegedly hacked into “various commercial, education and government computer networks” to steal log-in information and install “backdoors” into the system, in order to sell access to the networks later, according to the Department of Justice.
"After being scammed a few times I realized that these guys are completely un-regulated and can pretty much do what ever they want and get away with it."
Did Miller care what his customers did with that access, or what their motivations were? Who knows. What we do know—according to PC World—is that he was arrested last year after “he tried to sell secret access to two U.S. government supercomputers for $50,000 to an undercover FBI agent.” Ouch.
Miller also “bragged to FBI agents online that he had broken into the corporate servers of American Express, Yahoo, Google, Adobe, WordPress and other companies and universities,” according to Wired, which obtained the court documents. “Miller also sold the FBI — for $1,000 — access to the domain of the Domino’s Pizza chain, according to court records.”
Miller is a now-notorious example of the other type of computer hacking: the much less dramatic, less public, and less ideologically motivated hacking that occurs every day, in the underground economy of hackers for hire. Not every potential hacking customer wants to break into a government supercomputer. Most clients are looking for a way into someone’s email account or Facebook page, or to change a grade in online school records, for instance.
A Wall Street Journal article on this topic explored “just how simple and affordable online espionage has become.” (It’s simple to hire them, that is; not so simple to get answers about them.) Says the Journal:
One such site, hiretohack.net, advertises online services including being able to "crack" passwords for major email services in less than 48 hours. It says it charges a minimum of $150, depending on the email provider, the password's complexity and the urgency of the job. The site describes itself as a group of technology students based in Europe, U.S. and Asia.
Hiretohack.net's claims couldn't immediately be verified, and the group didn't respond to a request for comment.
Google “hacker for hire,” as I just did, and you’ll find a wide array of offers, price ranges, and English-translation issues. For instance, www.hacker1337.com assures its potential customers, “Time is important, We should not wast our/your time. We provide only our professional services, Security Research is our serious profession, We don't want to make any unusual fun.” And www.hackany1here.com, which says it can hack into any email account for $300, also advertises:
Change in University College grades and hacking of computer system are two main jobs which are very common in use. The experts in hacking use latest technology of 0 Day with non patched exploits. It provides sure success. They gain confidence of esteemed customers by building trust with them and never play a game to deceive, just for cashing them.
For anyone willing to part with their cash for these really, truly inadvisable services (see above FBI indictment, see inner moral compass), there’s even a site dedicated to peer reviews and star ratings of hackers for hire, www.hackerforhirereview.com.
As the founder of the above site explains on the homepage, “After being scammed a few times I realized that these guys are completely un-regulated and can pretty much do what ever they want and get away with it. Its not as though you can run to the Better Business Bureau and say ‘I hired a hacker who stole my money.’” Too true. Be careful out there, folks, on both sides of the login page.