Cyber Crime Toolkits Go On Sale

This is not exactly new news either, these kind of toolkits have been on sale for a long time, virus generators, trojan toolkits, now they are getting more polished, more stream-lined, more expensive and more easily available.

News of them is hitting the mainstream media..

Malicious hackers are producing easy to use tools that automate attacks to cash in on a boom in hi-tech crime.

On sale, say security experts, are everything from individual viruses to comprehensive kits that let budding cyber thieves craft their own attacks.

The top hacking tools are being offered for prices ranging up to £500.

Some of the most expensive tools are sold with 12 months of technical support that ensures they stay armed with the latest vulnerabilities.

Hacking tools with support packages! Now that’s something new.

According to Mr Henry there were more than 68,000 downloadable hacking tools in circulation. The majority were free to use and took some skill to operate but a growing number were offered for sale to those without the technical knowledge to run their own attacks, he said.

But, he added, many hacking groups were offering tools such as Mpack, Shark 2, Nuclear, WebAttacker, and IcePack that made it much easier for unskilled people to get in to the hi-tech crime game.

Mr Henry said the tools were proving useful because so many vulnerabilities were being discovered and were taking so long to be patched.

Mentions of Mpack always pops up, but now there’s a plethora of competitors.

The landscape is getting interesting, time for companies to invest more in their I.T. budgets I think. Especially when it comes to education and awareness.

Source: BBC

Posted in: Legal Issues, Malware

, ,

Latest Posts:

GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.
Fuzzilli - JavaScript Engine Fuzzing Library Fuzzilli – JavaScript Engine Fuzzing Library
Fuzzilii is a JavaScript engine fuzzing library, it's a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language.
OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.

14 Responses to Cyber Crime Toolkits Go On Sale

  1. melvin,foong October 18, 2007 at 3:14 pm #

    we used to write our own rootkits.. now they come with support ? OMG !

  2. Sandeep Nain October 19, 2007 at 4:24 am #

    well this is funny… on one side there is germany who has completely banned the posession of security testing softwares and tutorials… and on the other hand there are these hacking kits with support packages which you can buy easily…

    This “sale of hacking packages with support” thing is serious coz it will give rise to the number of script kiddies and needless to say most of them will be using these tools for illegal activities

  3. backbone October 19, 2007 at 3:49 pm #

    Buying virus creation kits are the most lame thing in the world, cause there is…. for rootkits -> learn & download …. for any other a pen-test live distro… IMO

  4. n006_$@160t October 20, 2007 at 11:07 am #

    Well this is some tight shit, getting support….. now thats just something different

  5. dre October 25, 2007 at 11:48 pm #

    well in some cases you have governments and military who need to purchase these tools as weapons for offensive computing efforts. these are people who almost certainly need rootkits to protect themselves but also need their hands held when deploying them.

    fortunately for those in the know – anti-rootkit technology has stepped up again. i saw gabe lawrence speak at the toorcon 9 seminars in san diego this past weekend. his talk mostly centered around linux rootkit technology, but he also covered Windows and virtualization rootkits. his current project, 99lb, looks very promising.

  6. Sandeep Nain October 26, 2007 at 4:32 am #

    I believe these government and military agencies have enough funds andd resources that they can build these kits by themselves rather than buying from hackers… as i’m sure govt won’t trust these sources.. and they should not…

    and definitely anti-rootkit stuff will be a revolution.

  7. dre October 28, 2007 at 1:58 am #

    Well look at Sony. They are as large as many governments and military outfits – yet they failed to “roll their own” rootkit. In some cases, Sony would have been better off buying Haxdoor or equivalents at the time. So I think this does hold true for those who need offensive computing but can’t afford the expertise at varying levels. Of course, they could hire experts to modify these tools.

    Who else do they turn to? ImmunitySec, CORE, and modifying Metasploit? My guess is that many intelligence agencies are also getting their hands on these cybercrime toolkits to be used in cyberwarfare. I wouldn’t say it’s a stretch to call such a tactic Science Fiction.

  8. Sandeep Nain October 28, 2007 at 4:20 am #

    Yes you are right DRE that sony is probably as large as any govt or military outfit but the security requiremenets differ… A loophole in sony’s it security may be a threat to the company itself but thats it. Can you imagine somebody getting a root access to US Army’s main servers?? its a NATIONAL THREAT.. so they can’t afford to trust a 3rd party software like rootkits to be installed on their systems. its just LAME. they probbaly think of getting anti-root kit stuff.

  9. dre October 28, 2007 at 4:27 am #

    @Sandeep: nononono… Sony didn’t get owned by a rootkit… they tried to build one… you missed the whole point of my argument

  10. Sandeep Nain October 28, 2007 at 4:51 am #

    @Dre, I understood your point and what i want to communicate here is:

    Sony can afford to not to have their own rootkit or not having good enough security professionals but Army and govt agencies MUST have THE BEST security professionals and programmers who can make rootkits and what not rather than buying off a 3rd party rootkit and anti-root kit.

    I hope this is much clear now…

  11. Sandeep Nain October 28, 2007 at 4:56 am #

    and I reckon, govt agencies must be looking at these cybercrime toolkits but not because they wanna use it and get support as well…

    but they will actually be looking at how to prevent govt. systems from the attacks which can be generated using these toolkits.

  12. fazed October 30, 2007 at 5:40 pm #

    I am at the moment creating
    a web application attack toolkit,
    as I said in a comment on the next
    post the police stole my computer so
    I have lost it at the moment but have
    some of it stored on this laptop.
    anyways this toolkit has a web frontend
    that made it very easy to use..
    hope to get the computer back soon.. :S

  13. dre October 31, 2007 at 6:04 am #

    @Sandeep Army and govt agencies MUST have THE BEST security professionals and programmers who can make rootkits and what not rather than buying off a 3rd party rootkit and anti-root kit

    How many armies and government agencies are there in the world? There is no way that they can hire the best, as much as they would like to or need to. Even the top 15 most powerful governments can’t afford much at all in terms of security professional talent – although they may still have advanced spy, assassin, or propaganda / mass-manipulation organizations and devices.

    Nuclear Grabber and other kits, which cost anywhere from US$25 to US$3k – have been used to steal money from many European banks on several occasions. How many elite government spies are capable of doing that for a similar cost and risk equations? How many elite government security professionals are capable of doing that for the same cost and risk equation?

  14. Sir Henry December 14, 2007 at 7:21 pm #


    I am intrigued to know more about your predicament with the police. Do tell…