Posted by & filed under Business Intelligence, Copyright, cyber terroism, Cyberforensics, industry analysis, Privacy.

Description: A website claims to give “administrator” access to various web addresses for a price, causing serious security threats

Source: CNN.com

Date: Jan 28, 2011

Questions for discussion:

  • Do you thinks this type of be behavior is legal or ethical?
  • What should be done to shut this down?
  • Do you feel the security in these hacked sites was adequate?

19 Responses to “Anybody can be a Hacker for a Price”

  1. brittni.maurer

    This behavior is illegal to do, and it is not ethical at all. I think that people that do this are cold hearted and get a kick out for wrecking peoples companies and messing with their systems. Whether the hacker is getting paid to do it or just for their own entertainment it is getting worse and worse as technology advances.

    To shut this behavior down they would track the security history and find out where the hacker is coming from this is not easy to be done because to hack the sight the hacker used a database code to crack into the system. To trace this behavior could get very hard because they aren’t using a name or password they are getting in through the databases.

    The security in the hacker sites is adequate because they seem to know what they are doing and they seem to be doing it right, it will only be a matter of time when they slip up on one little thing and they will be busted.

  2. Dustin

    I agree this is illegal to do. People should have the ethics and respect not to steal personal information. They should take their talents and do something useful with them. With more and more of this type of hacking takin place, it will only cuase for more and more secerity checks, witch as a result will probably lead to the requirement of the avergae person having to give more information about them-selves. I see this in banking online. at first you just needed to know your personal pin. Then they wanted a password. Now they want what city you were born, whats your grandfathers accupation, whats your best freinds name, what was your fist pets name, and so on. Where does it stop. Next they will want to know when the last time you took a shower or the last meal you ate. Its getting out of control. If it gets too bad. People will go back to the old fasion way. pay with cash only, take their name out of the system. Which is probably not possible now adays. But it has to stop or there has to be some better way of keeping inforamtion from hackers and theives.

  3. Russ

    I would say that what this hacker is doing is definitely illegal, and unethical. I think the first thing that should be done to shut this down is find the source (the person who is hacking into these websites). The next thing that should be done is notify those organizations who are on his shopping list and tell them they should tighten their security so that the hacker is unable to have access to their sites along the ability to grant administrator login rights to other unethical individuals for a profit. As far as the current security of the websites that have been hacked, I do not feel that they have adequate security. Obviously, if the sites have been perpetrated there needs to be some increased security measures taken especially by these organizations that have been targeted, but also all other organizations. The problem that I see with this whole situation is there will always be a way to hack into information in my opinion. The reason is the no matter how secure a person makes a website according to their knowledge and the best software, there will always be someone just as smart on the other end that knows how to crack the system. I think it is just going to be a continuous cycle of securing a site, someone hacking into the site, updating their security to secure the site again, only until someone figures out how to crack it again.

  4. Landon

    No this is not legal, nor is it ethical in any form! You are infringing upon peoples privacy, accessing info that does not belong to you and selling it. Some of the sites that were mentioned is also kind of frightening, the U.S. Military, universities, and you can supposedly gain administrator access for a couple hundred bucks. Yikes!

    I think someone should hack his site, see how he likes it, and then plant a virus on his computer… Ok, I don’t know how you would go about shutting his site down but he should not be able to run it since what he is doing is illegal, so why is it still running? no idea.

    According to Kevin Mitnick, he believes that the hacker used an automated hacking tool to scan the sites to look for holes in the security systems. If an automated tool can do this, then I’m thinking the sites security may not have been very good to start with. If holes in the system can be found that easily, then the companies should have been able to find them themselves before any one else did. They should definitely do a security audit if they are on the list, even if they aren’t on the list to prevent things like this from happening. Databases are a huge thing now, and securing them is a must! Some DB’s hold tons of info, and since this is the way the hacker was getting into the sites, stresses the security of DB’s even more. I am not saying the sites that were hacked have terrible security by any means, lets face it, there are so many security issues involved in an info system that some are bound to be overlooked. Many applications are rely on people reporting problems to the company and the company then issuing a patch to fix it, this is how many problems are dealt with, it just so happens this fellow found those holes and chose to exploit them by putting them up for sale, damn cracker!

  5. Clayton Varjassy

    It’s tough to say if the shopping list is actually real. Regardless, it’s highly illegal. Look at Mitnick, he went to federal prison for 5 years for doing “test” hacks… Mitnick was never the type of guy to try to use his skills or knowledge for negative things, he usually hacked things just to see if he could, but the FBI wanted to make an example out of him. I think if there are people actually trying to hack government websites, it will not go unnoticed or unpunished. In a way though, exposing these security holes, especially on high profile government websites, is important. If there is someone dumb enough to publicly try and sell access to these sites, that is almost a positive for the victims in this situation. Rather than privately trying to sell access to shady individuals who might actually try to cause harm, the people that run the websites will hopefully quickly become aware of what’s going on and fix their security holes before any real harm is done.

  6. Derek Wilson

    This type of behaviour is extremely illegal and unethical! I actually can’t believe that someone would hack websites and then openly sell this kind of information on the web. This kind of behaviour is very uncharacteristic of the stereotypical hacker. From the sounds of it, it is some guy who picked up some hacking tools from off the web somewhere and is trying to make a quick buck. Depending on where this hacker is located, the local authorities should bring him or her in and shut the site down. As for the security of the websites in question, I am sure they have adequate security with some sort of weak points in their system. Every security system was made in a logical fashion, thus anyone with the right programs can decode them. I believe that if these websites upgrade their software and find any weak points, then the problem will disappear.

  7. Simar Duggal

    This type of behavior is defiantly not legal or ethical because this stuff that is not supposed to be shown to everyone is being shown. The trust people have when submitting there information to a business will become dangerous to give which will make it harder for business that need records to run (ex. doctors, university). There should be a firewall that each company has that is highly secured, so people are assured there information is safe. I don’t believe that this hacker actually adequately got this information, I feel like this would become more of a issue for theses company’s, and even more….there wouldn’t be so many spelling mistakes of a very smart computer hacker who has got into government files.

  8. Bretton MacDonald

    Obviously this kind of activity is not only illegal but very unethical as well. Not just for the people who do the hacking but also for the people who are spending the money to get these sites hacked. It makes website operators think twice about security and even makes them think about paying more money so there sites arent at as much risk. The worst thing about this is the fact the government and military sites are being hacked too. If thats the case we should be very worried because if just run of the mill hackers are getting access to these websites then what about people who are more of threats such as terrorists. The government first off needs to ensure better security for their own websites and military websites, and then after this do something about the less important websites. Peoples privacy rights are being violated and could lead to many more identity thefts and privacy issues.

  9. Momah Moseri

    I think that hacking is both illegal and unethical. People who hack into other company’s website, universities websites and gain administrative access to vital information and personal data that can be used to ruin not only the organization but individuals as well should be jailed for a very long time. To me, the only difference between hacking and armed robbery is the gun. So hackers should be treated the same way as armed robbers. Invading into someone’s privacy and stealing their personal information should not be acceptable in any way. To shut down this behaviour, a software should be designed that would be able to detect unauthorized entry into a website and can also trace the location of the system through its IP address. As soon as the IP address is known, the message should be sent out for immediate action. However every system has its weakness, no matter how strong the software might be, there is always a way of getting around it.

  10. Katie

    It is scary to think about all the information we have out there that is at risk from hackers. Of course it is illegal and unethical, but like Kevin Mitnick says, it is more disturbing to realize how shoddy the security systems are that some of these companies have in place. There needs to be harsher punishment for hackers that go after company and individual personal information. This is a different type of hacking as well. These hackers aren’t trying to take over entire systems or cause cyber warfare, but rather just selling administrator access to different web addresses. I think the simplicity of this system is what has posed a new threat that companies haven’t seen before. So much of our way of living is done online, and if that information is being threatened, many businesses are going to run into a lot of problems. Although, I do question the validity of this hacker’s ‘shopping list’ and think it is more of a scam. But it shows that the threat is real and needs to be dealt with as such.

  11. Rio P

    Of course I feel that this is illegal and completely unethical, not only for the person who is hacking into these sites, but to the people who choose to purchase these administrative “rights” to these websites. For example, hacking into a University website and giving complete access is very unnerving speaking from the perspective of a university student who puts trust in my University to keep my information safe. However, this brings into question if there are proper security measures in place to protect all of this vital information. From the evidence it appears as if the security being used is not sufficient. But hackers find enjoyment out of hacking through security walls etc. so it is difficult to find software that can protect information or create new software without having a hacker break in. In order to track down these people who are selling this information, tracking payment options or something of the like may be required. I am no computer expert, however, there has to be some method in order to catch these people.

  12. selenanova759

    we need to remember that the principal issue is that the legal system for online offenses simply cant seem to keep up at the rate that the world wide web is able to move. as fast as a law is made, faster is the loophole dug to get around it. of course hacker activity is unethical, but is it illegal? probably somehow/somewhere in the law. although it would be nice to live in an ideal world where we can rightfully assume that because we have a password that we are protected, or even more ideal, that we shouldnt have to have a password to begin with. if people lived ethically, the ideal would be reality. but this doesnt exist in the physical world (hence: laws against grand theft, drinking and driving, breaking and entering, murder, etc…) the same can be expected of the virtual world. these companies and organizations securtiy may have once been sufficient, but maintainance and upgrading is essential. for all we know, hiring an internal hacker to keep you up to date may be the best investment a company could make, and may even cut back on the “free-lance” hackers.

  13. prab22

    It is very disturbing to see that this is a new trend. Secured information getting leaked by these automated tools, that this hacker made, seems far too simple to get access to these companies administrative access. Also it is very hard to believe that someone can hack into the US military, or the Italian government websites. I thought these entities would have way more security than this. It seems to be a scam but if anything that has been programmed can be easily hacked. Of course it’s illegal and wrong but companies should fight back against these hackers not stand around and visit this site the hacker has established. Instead of focusing so much on newer technology and implementing new programs and websites, companies should take a little time to maintain current programs and beef up security to prevent hackers from getting in. If hackers are now marketing prices and information these days it shows nothing is being done to stop their actions.

  14. Taofikat

    This is a very iilegal thing to do. people should have ethics and concience not to temper with people’s property. Hackers are very smart because they use a database code to crack into the system. i believe they are are doing this for money.
    To shut this down they should track the hackers to do this they should look for someone that is good with computer who will worl also like an hacker this will make it easirer for them to be caught. sooner or later the hackers will leave little traces that will make them get caught.

  15. Nicole Hendry

    I was very suprised to see the U.S. military on the lists of websites that are able to be hacked. Obviously if you have any morals or values at all you would say that this is not legal or ethical behaviour. Just like our discussion about DNA this is private personal information that is being sold at a very small price. It is sad that people would both hack and also buy this information from unsuspecting victims. I think more resources should be put into both having high levels of security on websites and also on trying to find and catch hackers. I don’t think that in this situation we should act helpless and just heighten our security after we have found out we are on the list. I also think that hackers should be found and punished, afterall it is illegal and should be punished like any other form of theift. The security of the sites shown should obviously be checked for loop holes and also should have a higher level of security. This is people’s personal information that strangers are gaining access to.

  16. Ashleigh

    This type of behavior is definitely illegal and unethical. They are stealing others personal information and causing so many problems probably just for their own entertainment. A lot of people give their information on the web not thinking that hackers are out there and are going in intercept and get this information somehow. This is especially dangerous in the business world as a lot of things are relied on the Internet and a lot of information is stored there. In order to be able to shut this down, they are going to have to find who is behind all this or at least a main source. The security for these hacked sites was adequate because that is how they figured out that there was a problem however, there must have been a few holes since the hackers were able to get to these sites.

  17. Jatinder Aulakh

    •Do you thinks this type of be behavior is legal or ethical?
    •What should be done to shut this down?
    •Do you feel the security in these hacked sites was adequate?

    I think this type of behaviour is illegal and not ethical. Being able to hack into businesses and schools is scary because all our personal information is being exposed and anything could happen once our information is the hands of people that should not have it. To shut this down I believe the person that is making this list and selling this information should be caught and prisoned. Also, I think companies and schools need check to if they are on that list and increase security to make it harder for anyone to hack personal information. I think the security in these hacked sites are adequate, but need to be built more stronger to prevent people from hacking personal information.

  18. Chelsa

    This behavior is illegal and unethical in every way. The hacker is breaking into a company’s website. This is no different that breaking into the building where a company is located. It is also giving access to consumers personal information without their permission which is against privacy laws. There is nothing ethical about stealing from someone or about selling stolen goods. People who choose to act in this manor should be arrested and imprisoned. The security on these sites was clearly inadequate. If a site is actually secure it would be more difficult for someone to hack into the site and obtain access and administrative information. One way to shut this behavior down would be to make it more difficult for a hacker to gain access to these websites. If it was more difficult to gain access it might deter the hacker from that type of behavior. Also, if you see a website like this is there no way to shut it down? Does the government or law enforcement not have the power to eliminate access to websites doing unlawful things?

  19. Jenn Oloya

    Clearly this is illegal behavior, people privacy and rights are removed and this jeopardizes people’s safety especially if you can buy administrated access to websites such as the U.S. Defense and Military. This website is definitely not ethical at all because of the above reasons and it doesn’t do any good for the common people anything else it ruins society and allows others to act in unethical behavior. The FBI, CIA, CIS, or whatever deals with these things needs to find the individual(s) involved fine them, jail them, and remove the site from the web. The thing is that now that people have seen a site like this many will probably try to duplicate this site for profit so the government should monitor and look for sites like this so that they could shut it down before it becomes known. Its hard to say if security in these hacked sites was adequate or not, I’m pretty sure that the U.S. Defense have really good security for their site, but if people are determined and dedicated too hacking them and puts all their efforts to it they could probably find a loop hold somewhere that someone had missed securing. One only thing that the sites can do, I think, is to make security an ongoing process and never stop trying to make their sites more secure by upgrading, changing, or looking for the loops in their sites.

Leave a Reply

Your email address will not be published.