[ad]
This is not exactly new news either, these kind of toolkits have been on sale for a long time, virus generators, trojan toolkits, now they are getting more polished, more stream-lined, more expensive and more easily available.
News of them is hitting the mainstream media..
Malicious hackers are producing easy to use tools that automate attacks to cash in on a boom in hi-tech crime.
On sale, say security experts, are everything from individual viruses to comprehensive kits that let budding cyber thieves craft their own attacks.
The top hacking tools are being offered for prices ranging up to £500.
Some of the most expensive tools are sold with 12 months of technical support that ensures they stay armed with the latest vulnerabilities.
Hacking tools with support packages! Now that’s something new.
According to Mr Henry there were more than 68,000 downloadable hacking tools in circulation. The majority were free to use and took some skill to operate but a growing number were offered for sale to those without the technical knowledge to run their own attacks, he said.
But, he added, many hacking groups were offering tools such as Mpack, Shark 2, Nuclear, WebAttacker, and IcePack that made it much easier for unskilled people to get in to the hi-tech crime game.
Mr Henry said the tools were proving useful because so many vulnerabilities were being discovered and were taking so long to be patched.
Mentions of Mpack always pops up, but now there’s a plethora of competitors.
The landscape is getting interesting, time for companies to invest more in their I.T. budgets I think. Especially when it comes to education and awareness.
Source: BBC
melvin,foong says
we used to write our own rootkits.. now they come with support ? OMG !
Sandeep Nain says
well this is funny… on one side there is germany who has completely banned the posession of security testing softwares and tutorials… and on the other hand there are these hacking kits with support packages which you can buy easily…
This “sale of hacking packages with support” thing is serious coz it will give rise to the number of script kiddies and needless to say most of them will be using these tools for illegal activities
backbone says
Buying virus creation kits are the most lame thing in the world, cause there is vx.org.ua…. for rootkits -> learn & download rootkit.com …. for any other a pen-test live distro… IMO
n006_$@160t says
Well this is some tight shit, getting support….. now thats just something different
dre says
well in some cases you have governments and military who need to purchase these tools as weapons for offensive computing efforts. these are people who almost certainly need rootkits to protect themselves but also need their hands held when deploying them.
fortunately for those in the know – anti-rootkit technology has stepped up again. i saw gabe lawrence speak at the toorcon 9 seminars in san diego this past weekend. his talk mostly centered around linux rootkit technology, but he also covered Windows and virtualization rootkits. his current project, 99lb, looks very promising.
Sandeep Nain says
I believe these government and military agencies have enough funds andd resources that they can build these kits by themselves rather than buying from hackers… as i’m sure govt won’t trust these sources.. and they should not…
and definitely anti-rootkit stuff will be a revolution.
dre says
Well look at Sony. They are as large as many governments and military outfits – yet they failed to “roll their own” rootkit. In some cases, Sony would have been better off buying Haxdoor or equivalents at the time. So I think this does hold true for those who need offensive computing but can’t afford the expertise at varying levels. Of course, they could hire experts to modify these tools.
Who else do they turn to? ImmunitySec, CORE, and modifying Metasploit? My guess is that many intelligence agencies are also getting their hands on these cybercrime toolkits to be used in cyberwarfare. I wouldn’t say it’s a stretch to call such a tactic Science Fiction.
Sandeep Nain says
Yes you are right DRE that sony is probably as large as any govt or military outfit but the security requiremenets differ… A loophole in sony’s it security may be a threat to the company itself but thats it. Can you imagine somebody getting a root access to US Army’s main servers?? its a NATIONAL THREAT.. so they can’t afford to trust a 3rd party software like rootkits to be installed on their systems. its just LAME. they probbaly think of getting anti-root kit stuff.
dre says
@Sandeep: nononono… Sony didn’t get owned by a rootkit… they tried to build one… you missed the whole point of my argument
Sandeep Nain says
@Dre, I understood your point and what i want to communicate here is:
Sony can afford to not to have their own rootkit or not having good enough security professionals but Army and govt agencies MUST have THE BEST security professionals and programmers who can make rootkits and what not rather than buying off a 3rd party rootkit and anti-root kit.
I hope this is much clear now…
Sandeep Nain says
and I reckon, govt agencies must be looking at these cybercrime toolkits but not because they wanna use it and get support as well…
but they will actually be looking at how to prevent govt. systems from the attacks which can be generated using these toolkits.
fazed says
I am at the moment creating
a web application attack toolkit,
as I said in a comment on the next
post the police stole my computer so
I have lost it at the moment but have
some of it stored on this laptop.
anyways this toolkit has a web frontend
that made it very easy to use..
hope to get the computer back soon.. :S
dre says
@Sandeep Army and govt agencies MUST have THE BEST security professionals and programmers who can make rootkits and what not rather than buying off a 3rd party rootkit and anti-root kit
How many armies and government agencies are there in the world? There is no way that they can hire the best, as much as they would like to or need to. Even the top 15 most powerful governments can’t afford much at all in terms of security professional talent – although they may still have advanced spy, assassin, or propaganda / mass-manipulation organizations and devices.
Nuclear Grabber and other kits, which cost anywhere from US$25 to US$3k – have been used to steal money from many European banks on several occasions. How many elite government spies are capable of doing that for a similar cost and risk equations? How many elite government security professionals are capable of doing that for the same cost and risk equation?
Sir Henry says
@fazed:
I am intrigued to know more about your predicament with the police. Do tell…