18 October 2007 | 6,375 views

Cyber Crime Toolkits Go On Sale

Check For Vulnerabilities with Acunetix

This is not exactly new news either, these kind of toolkits have been on sale for a long time, virus generators, trojan toolkits, now they are getting more polished, more stream-lined, more expensive and more easily available.

News of them is hitting the mainstream media..

Malicious hackers are producing easy to use tools that automate attacks to cash in on a boom in hi-tech crime.

On sale, say security experts, are everything from individual viruses to comprehensive kits that let budding cyber thieves craft their own attacks.

The top hacking tools are being offered for prices ranging up to £500.

Some of the most expensive tools are sold with 12 months of technical support that ensures they stay armed with the latest vulnerabilities.

Hacking tools with support packages! Now that’s something new.

According to Mr Henry there were more than 68,000 downloadable hacking tools in circulation. The majority were free to use and took some skill to operate but a growing number were offered for sale to those without the technical knowledge to run their own attacks, he said.

But, he added, many hacking groups were offering tools such as Mpack, Shark 2, Nuclear, WebAttacker, and IcePack that made it much easier for unskilled people to get in to the hi-tech crime game.

Mr Henry said the tools were proving useful because so many vulnerabilities were being discovered and were taking so long to be patched.

Mentions of Mpack always pops up, but now there’s a plethora of competitors.

The landscape is getting interesting, time for companies to invest more in their I.T. budgets I think. Especially when it comes to education and awareness.

Source: BBC



Recent in Legal Issues:
- Navy Sys Admin Hacks Into Databases From Aircraft Carrier
- Teen Accused Of Hacking School To Change Grades
- Royal Canadian Mounted Police Arrest Heartbleed Hacker

Related Posts:
- Organised Cyber Criminals Recruiting Fresh Grads
- Australians Propose ‘No Anti-virus – No Internet Connection’ Policy
- Digital Underground Offering Cheap Botnets For Hire

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,546 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,459 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,464 views

Low-cost VPS Hosting

14 Responses to “Cyber Crime Toolkits Go On Sale”

  1. melvin,foong 18 October 2007 at 3:14 pm Permalink

    we used to write our own rootkits.. now they come with support ? OMG !

  2. Sandeep Nain 19 October 2007 at 4:24 am Permalink

    well this is funny… on one side there is germany who has completely banned the posession of security testing softwares and tutorials… and on the other hand there are these hacking kits with support packages which you can buy easily…

    This “sale of hacking packages with support” thing is serious coz it will give rise to the number of script kiddies and needless to say most of them will be using these tools for illegal activities

  3. backbone 19 October 2007 at 3:49 pm Permalink

    Buying virus creation kits are the most lame thing in the world, cause there is vx.org.ua…. for rootkits -> learn & download rootkit.com …. for any other a pen-test live distro… IMO

  4. n006_$@160t 20 October 2007 at 11:07 am Permalink

    Well this is some tight shit, getting support….. now thats just something different

  5. dre 25 October 2007 at 11:48 pm Permalink

    well in some cases you have governments and military who need to purchase these tools as weapons for offensive computing efforts. these are people who almost certainly need rootkits to protect themselves but also need their hands held when deploying them.

    fortunately for those in the know – anti-rootkit technology has stepped up again. i saw gabe lawrence speak at the toorcon 9 seminars in san diego this past weekend. his talk mostly centered around linux rootkit technology, but he also covered Windows and virtualization rootkits. his current project, 99lb, looks very promising.

  6. Sandeep Nain 26 October 2007 at 4:32 am Permalink

    I believe these government and military agencies have enough funds andd resources that they can build these kits by themselves rather than buying from hackers… as i’m sure govt won’t trust these sources.. and they should not…

    and definitely anti-rootkit stuff will be a revolution.

  7. dre 28 October 2007 at 1:58 am Permalink

    Well look at Sony. They are as large as many governments and military outfits – yet they failed to “roll their own” rootkit. In some cases, Sony would have been better off buying Haxdoor or equivalents at the time. So I think this does hold true for those who need offensive computing but can’t afford the expertise at varying levels. Of course, they could hire experts to modify these tools.

    Who else do they turn to? ImmunitySec, CORE, and modifying Metasploit? My guess is that many intelligence agencies are also getting their hands on these cybercrime toolkits to be used in cyberwarfare. I wouldn’t say it’s a stretch to call such a tactic Science Fiction.

  8. Sandeep Nain 28 October 2007 at 4:20 am Permalink

    Yes you are right DRE that sony is probably as large as any govt or military outfit but the security requiremenets differ… A loophole in sony’s it security may be a threat to the company itself but thats it. Can you imagine somebody getting a root access to US Army’s main servers?? its a NATIONAL THREAT.. so they can’t afford to trust a 3rd party software like rootkits to be installed on their systems. its just LAME. they probbaly think of getting anti-root kit stuff.

  9. dre 28 October 2007 at 4:27 am Permalink

    @Sandeep: nononono… Sony didn’t get owned by a rootkit… they tried to build one… you missed the whole point of my argument

  10. Sandeep Nain 28 October 2007 at 4:51 am Permalink

    @Dre, I understood your point and what i want to communicate here is:

    Sony can afford to not to have their own rootkit or not having good enough security professionals but Army and govt agencies MUST have THE BEST security professionals and programmers who can make rootkits and what not rather than buying off a 3rd party rootkit and anti-root kit.

    I hope this is much clear now…

  11. Sandeep Nain 28 October 2007 at 4:56 am Permalink

    and I reckon, govt agencies must be looking at these cybercrime toolkits but not because they wanna use it and get support as well…

    but they will actually be looking at how to prevent govt. systems from the attacks which can be generated using these toolkits.

  12. fazed 30 October 2007 at 5:40 pm Permalink

    I am at the moment creating
    a web application attack toolkit,
    as I said in a comment on the next
    post the police stole my computer so
    I have lost it at the moment but have
    some of it stored on this laptop.
    anyways this toolkit has a web frontend
    that made it very easy to use..
    hope to get the computer back soon.. :S

  13. dre 31 October 2007 at 6:04 am Permalink

    @Sandeep Army and govt agencies MUST have THE BEST security professionals and programmers who can make rootkits and what not rather than buying off a 3rd party rootkit and anti-root kit

    How many armies and government agencies are there in the world? There is no way that they can hire the best, as much as they would like to or need to. Even the top 15 most powerful governments can’t afford much at all in terms of security professional talent – although they may still have advanced spy, assassin, or propaganda / mass-manipulation organizations and devices.

    Nuclear Grabber and other kits, which cost anywhere from US$25 to US$3k – have been used to steal money from many European banks on several occasions. How many elite government spies are capable of doing that for a similar cost and risk equations? How many elite government security professionals are capable of doing that for the same cost and risk equation?

  14. Sir Henry 14 December 2007 at 7:21 pm Permalink

    @fazed:

    I am intrigued to know more about your predicament with the police. Do tell…