A particularly gutsy hacker is looking to sell access to military, government and university websites. How much, you ask?
Well, prices, at least at this stage, seem to range from a cool $55-$500 a pop.
Yes, indeed, you can supposedly gain access to the United States Army website for $500, U.S. National Guard for the same price, DoD for $400 and the American State of Michigan for a paltry $55.
As noted by security firm Imperva, the hacker is also prepared to offload personally identifiable information (PII) from hacked sites for $20 per 1K records.
Yeah, that is a bit steep, I suppose.
So, how did the hacker pull this all off?
“The victims’ vulnerabilities were probably obtained by SQL injection vulnerability automatic scanner and exploited in automatic manner, as the hacker published his methods in a forum post,” an Imperva rep explained.
Sounds wild, but is it legit?
According to Brian Krebs of KrebsOn Security, the hacks are actually for real.
“I’ve seen some of the back-end evidence of his hacks, so it doesn’t seem like he’s making this up.
“Amid all of the media and public fascination with threats like Stuxnet and weighty terms such as ‘cyberwar,’ it’s easy to overlook the more humdrum and persistent security threats, such as Web site vulnerabilities.
“But none of these distractions should excuse U.S. military leaders from making sure their Websites aren’t trivially hackable by script kiddies.”