A service discovered in the criminal underground is renting access to thousands of corporate servers that have been hacked through Windows software that lets people control computers remotely over the Internet.
Dedicatedexpress.com is renting access to nearly 17,000 computers that have been compromised through Microsoft's Remote Desktop Protocol, the blog KrebsonSecurity reported Monday.
Since the service was launched in 2010, apparently out of Russia, almost 300,000 computers worldwide have been available for rent.
Businesses use RDP to provide remote access to servers and desktops. Dedicatedexpress.com, which uses the slogan, "The whole world is one service," takes advantage of weak usernames and passwords.
For example, Brian Krebs, the author of the blog, found a computer for rent from Fortune 100 company Cisco Systems. The credential assigned to the Windows Server 2003 system was username: Cisco; password: Cisco. The company confirmed the hacked server was in its network, but declined to provide details to Krebs.
Cybercriminals have sold a variety of hacker services in the underground for sometime. Criminals rent networks of compromised PCs and tools for building the so-called botnets. They also open marketplaces for buying and selling credit and debut card, social security and bank account numbers.
[In depth: The botnet hunters]
The latest service is unusual because it rents compromised corporate systems. "This is the first time I've heard about providing a service with access to Fortune 500 companies," said Darren Hayes, a professor of computer science at Pace University and an expert in forensics and security.
Many of these services are based in Russia and other countries in which law enforcement do not have a cooperative relationship with U.S. authorities. The Dedicatedexpress.com site is written in Russian and does not rent compromised servers from Russia, an indication that service owners want to avoid problems with police in the country.
"There's a lot of organized criminals in Russia who are hackers," Hayes said. "There's pictures of them online, and they don't hide. There's obviously been very little coordination or cooperation between U.S. and Russian authorities to tackle some of this organized crime."
Dedicatedexpress.com charges new customers a $20 registration fee that is paid via WebMoney, a virtual currency, Krebs said. The price for each hacked server is based on a number factors, including the speed of its processor, the number of cores, download and upload speeds and the amount of time the server has been continuously available online.
Hackers who sell the servers to the site are paid a commission and get to dictate how the systems are used, Krebs said. Some sellers may ban the systems' use in online gambling, PayPal or dating scams; and bar users from installing certain software.
Stuart McClure, chief executive, president and founder of security startup Cylance, expects cybercriminals to increasingly get in the business of renting space on hacked servers as the use of cloud computing grows. Systems used to provide software, infrastructure and application platforms as an Internet service are readymade for criminals who want to get into the illicit rental business.
"Most of the vulnerabilities you see in the corporate space today for this type of an attack to work are the same vulnerabilities you're going to find in the cloud," McClure said.
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.