Skilled cybercriminals take part in dark web markets by offering their skills to those willing to pay; this is considered hacking-as-a-service (HaaS). Not to be confused with penetration testing, HaaS is typically associated with illegal activity hosted by dark web market users. One reason HaaS markets have been able to establish themselves is the advancement of open-source hacking tools. There has been a recent shift towards online business operations, remote work and education, and a spike in social media activity. This has created a larger attack surface for threat actors due to the growing number of target users and the growing amount of data.
Threat actors selling their services in hacking marketplaces are hired for tasks that vary with their skill level and clientele. More difficult tasks or targets equate to a higher cost. Users might want to hire a hacker for various reasons: human intelligence gathering, tracking, email or social media account access, website defacement, DDoS, and even malware distribution.
Paid hackers typically take payment in the form of cryptocurrency to make the transactions minimally traceable. Some sites offer currency conversions and guides for purchasing Bitcoin, among other cryptocurrencies. This is effective because cryptocurrency is more international. In other words, crypto’s value is recognized worldwide, and almost any user can buy it easily. Figure 1 shows how these services appear to online shoppers.
Figure 1: Services Listing Example
(Screenshot obtained from http://ziagmjbpt47drkrk.onion/)
HaaS markets are accessed through the TOR (The Onion Router) browser. TOR is a privacy-focused, open-source browser that uses encrypted tunnels to hide users’ network traffic. Some websites, especially those offering illegal services, can only be accessed through TOR.
What services are offered?
Those who seek HaaS pay for something very specific. This suggests a narrow motive, and the services offered on HaaS websites reflect this. Many discovered websites even add an upcharge for urgent consumer needs. However, not all offered services are legitimate; many of these sites could be scams for money and do no real hacking at all. Determining the legitimacy of hacking services is an operational risk that consumers take when enlisting cybercriminals online. Below are some of the most commonly offered services that were discovered on HaaS websites.
- Social Media/Email/Phone Access: A malicious user obtains unauthorized access to a specified social media or email account. Those found included Facebook, Twitter, Instagram, Reddit, Gmail, and Yahoo. Many sites also offered unlocking of, and remote execution on, victims’ phones.
- Tracking: This could be tracking the location of a phone or computer, location-based intelligence, or other forms of human intelligence (HUMINT) gathering.
- Website Defacement: Many sites split this service into protected and non-protected websites, and the cost reflects this. Often this can be a DDoS of a specific target or another type of alteration to a website or web server.
- Malware Distribution: Malware can be applied to many of the other services offered in HaaS markets. DDoS is carried out through a maintained botnet, and tracking is done through spyware. Many HaaS sites offered installation of keyloggers, trojan variants, and ransomware.
What are the effects of HaaS?
Most websites have long lists of specific services, each with a correlated value. One discovered website condenses its offered services into small, medium, or large projects. Both formats can help determine the most difficult or time-consuming tasks in the HaaS market. This should be indicative of where the biggest and most widespread security flaws are.
Figure 2: Condensed HaaS Product List
(Screenshot obtained from http://2ogmrlfzdthnwkez.onion/)
These markets offer the services of people who claim to be expert hackers. Those willing to take a risk by paying for these services could conceivably do significant damage to individuals, organizations, and web servers. Many offered services seem personal (offering to “ruin victims’ lives”). Some sites charged extra for personalized hacks. Legitimate HaaS markets put considerable hacks and cyberattacks within reach of those who have little or no technical skill.
With the advancement of technology, these types of hacks can become easier, decreasing their cost. Alternatively, cyber defense technology will grow more advanced, resulting in less effective hacks, which also reduces cost. Hackers offering their services can be expected to exploit known vulnerabilities. Therefore, organizations must update their systems regularly. The hacks that remain most prevalent are those that exploit human users and their data.
The advancement of hacking tools and a widespread attack surface foster a more vulnerable environment susceptible to exploitation by threat actors. An expanding HaaS marketplace is possible whether or not the specified services are legitimate. The best way to mitigate this risk is ethical hacking and penetration testing. White hat hackers can find and exploit any discovered vulnerabilities without causing the damage. This allows users and organizations to patch any vulnerabilities before they can be maliciously exploited. Social engineering is a key component of this issue. Users need to be aware and cautious of scam tactics and threat actor procedures. Cybercriminals operating HaaS markets on an international scale become more difficult to prosecute. Furthermore, smaller hacks such as grade changes or a DDoS of a gaming server could go unnoticed. The actual damages from HaaS markets are difficult to estimate, but these markets can be expected to remain intact.