DISQUS

Technology Liberation Front: eBay for Black Hats?

  • Luis Villa · 3 years ago
    I've heard of such things for earlier versions of Windows before, including some reputable/documented stories of auctions of botnets. Their existence shouldn't be too surprising- get that zero day exploit, and you can get yourself a very profitable botnet. Given the reputed cash flow for some of the spam kings, $50K doesn't sound implausible. And of course they are already in deep legal trouble if caught, so an additional charge wouldn't scare them very much.

    The only part of this that sounds implausible is that it is for Vista- there is no commercial value in hacking into undeployed systems. But maybe they'll just stockpile it.
  • Tim Lee · 3 years ago
    Right, but doesn't putting your exploit up for auction substantially increase the chances of getting caught? I can believe that these exploits could be worth 50 grand, but I wouldn't think an online auction would be the way you'd sell them.
  • David · 3 years ago
    I have to agree with Tim. I find it hard to believe that people who have the programming knowledge to engineer exploits to operating systems would trust any type of online auction system. Seems like a nice plot for a novel though.
  • Luis Villa · 3 years ago
    Who says auction system? There are ways of doing auctions without software, you know :) Anonymized chat room (which they are already very good at doing anonymously/untraceably, to control the botnets) + chatters saying 'I'll bid X' 'Do I hear X+1?' 'X+1!' You know, the old fashioned way :)
  • Roland Dobbins · 3 years ago
    There's a very real miscreant economy, and many things, including exploits, access to botnets for DDoS (useful for extortion, etc.), and so forth are bought and sold daily. I've never heard of an exploit going for $50K, but they do go for amounts into the thousands.

    I've never heard of anything like an 'eBay' for miscreants', most of the transactions are negotiated over IRC and IM, AFAIK.