Russian Website Selling Hacked Servers: Report

Krebs’ screenshot of a hacked Windows Server 2003 system at an Internet address space assigned to Cisco Systems.

Here’s one way to create your own cloud-based data center: buy access into a network of hacked corporate PCs.

Does that sound illegal? Of course it is. But one firm is apparently shopping those services on the open market, according to security researcher and reporter Brian Krebs. On his blog, Krebs notes that Dedicatexpress.com advertised access to about 17,000 corporate PCs that were improperly secured. We’ll have to take his word for it, of course, since whoever owned the site has since pulled it down. If it existed—and we believe Mr. Krebs when he says that it did—the site has obviously been moved to another server or service.

The site promised access to any number of the compromised PCs, all apparently protected by nothing more than weak usernames and passwords on the Remote Desktop Protocol (RDP), which allows for remote access. Each PC shopped to the site had a representative or salesperson (of sorts). And the prices were low, low, low: Krebs said he found (with a screenshot to prove it) a hacked Windows Server 2003 system at an Internet address space assigned to Cisco Systems being sold for $4.55.

According to Krebs, Dedicatexpress ran, or runs, a surprisingly nuanced business. The site tracked each representative, the number of PCs he or she offered, and the uses to which they could be put. That makes sense; there’s no point in completely taking over a corporate PC that could be detected, wiped, and then firewalled. Instead, the sales reps can specify to what purpose a server can be put (or not put), such as prohibiting running a dating site on top of it.

Moreover, the site specified that it would not supply servers from companies operating out of Russia, presumably because that would put it afoul of Russian law. Krebs also suspected that the site was either hosted in Russia or at least run by Russian operators. That was also confirmed by an automated URL query at URLquery, which indicated the dedicatexpress site was owned by Selectel Ltd. in the Russian Federation. The IP address was listed as 46.182.31.150—a site that’s also apparently down.

Selectel does not appear to mention the dedicatexpress service on its site. Selectel representatives did not respond to an emailed request for comment sent the night of Oct. 24.

For its part, Selectel is a data center operator, with five major data centers: two in St. Petersburg, one in Moscow, and two more in Dubrovka, in the Leningrad region. The service offers both dedicated servers and virtual servers running Windows and Linux, plus cloud computing and storage services. In total, the company claims to operate 1,130 server cabinets with a total server area of 3,950 sq. meters, or about 42,500 square feet.

Colocation services are also available; prices start at 3,000 rubles ($95) per month for a dedicated 10-Mbit connection, unlimited traffic, and dedicated power. For a virtualized Windows Server 2008 R2 implemented via Hyper-V, Selectel charges a ruble per megabyte of RAM: a virtual server running on a single Xeon server with 512 MB of memory and a 50 Gbyte hard disk costs 512 rubles ($16) per month.

 

Image: Krebs on Security
