If you've ever wanted to spy on your boyfriend or girlfriend's email and social media accounts--or those of your boss--Dell has some tempting news for you. Not only is there a whole underground marketplace set up to help you do just that, it's becoming more professional all the time. Rather than send money and trust a criminal to fulfill your deal, you can make sure the job is done before it's paid for. You'll get excellent customer service. And it will cost a lot less than you think.
This dismaying news is part of Dell's third annual Underground Hacker Markets report. Dell security folks spend a lot of their time trolling the Dark Web learning about prices for various nefarious services. Though hacking is for sale all over the world, the Dell group focused their attention on the Russian underground and English-speaking marketplaces elsewhere.
Their investigation turned up pretty modest prices for hacking activities. For example, you can have a Gmail, Yahoo, or Hotmail account hacked for $129. The same goes for popular U.S. social media accounts. Corporate email accounts are available for hacking too, though that costs $500 per address. Most disturbingly, the hackers assure their prospective customers that they can get into victims' email accounts without changing their passwords or otherwise alerting them to the breach. "Complete confidentiality--the victim will not even notice that their email account has been hacked," boasts one offer.
Adding insult to injury, many of these hacking services promise they're available for contact from 11 a.m. to 11 p.m. on weekdays and additional hours on weekends--much better customer service than the email services they're attacking have. Some offer a free trial attack before you commit, and others offer to work with a "guarantor" who will accept payment but not release it to the hacker until the job is done to your satisfaction.
And the available services go way beyond hacking email and social media accounts. You can also order up a denial-of-service (DDoS) attack that will disable your target's servers for as little as $5 per hour--again with a free trial. Credentials for online bank accounts are for sale as well, priced according to what's in the account. (A $50,000 account will cost you $587, for instance.) They also will transfer funds to you from victims' online payment accounts, for instance $1,500 for a payment of $377.
What should you do about it?
What's a poor internet user to do? Dell offers a variety of suggestions, not all of which will be practical for all users. These range from never clicking on a link or attachment in an email unless you check with the sender first to using a dedicated computer for your banking that is never used for anything else, especially email.
You can see the full list of recommendations for both individuals and businesses in the report. In the meantime, do make sure to do the following:
1. Use two-factor authentication wherever you can.
Two-factor authentication adds a second step beyond entering a password and answer to a security question to gain access to email or other online accounts. Most often, it takes the form of a code number texted to your mobile phone or generated by a program such as Google Authenticator. Services ranging from Evernote to online banks to Google itself offer two-factor authentication as an optional security measure. Use that option whenever possible.
2. Keep your security software up to date.
Just because there's no such thing as perfect security doesn't mean you shouldn't do your best to be as secure as possible. So make sure you have antivirus and anti-spyware installed on your computer and on your mobile devices and that you keep that software up to date. You also need a firewall to keep intruders from getting access to your home or work network. Having security precautions in place may mean that would-be hackers decide to go pick on someone else.
3. Be careful where you browse, what you click, and especially what you download.
If you ever doubt for a moment that a link or attachment someone sent is actually from that person, don't hesitate to ask the person before you open the attachment or click on the link. Be conservative about downloading and installing software on your computer and mobile devices and only do so from known and trusted sources. (Don't assume because an app is in a company's app store or marketplace it's been tested and is safe--it may not be.)
4. Watch your online accounts carefully.
Some miscreants make small "test" withdrawals from victims' online accounts to see how closely they're being watched before going in after a large sum. So keep track of all your online accounts and check them regularly for new transactions. And if you see a small but inexplicable withdrawal, don't ignore it. Consider signing up for a service that alerts you to credit checks, which can be an early warning of identity theft.
5. Never assume anything you do on the internet is truly private.
Your email and social media accounts have probably never been hacked, but if they have you may have no way of knowing it. Your best course is to assume that others could conceivably be listening in--and act accordingly. You never know where information or sentiments you shared online might wind up. Your best defense is not to post, chat message, or email anything that would seriously hurt you if it were ever made public.