Hackers sell kits on auction site

LONDON – Hacker toolkits previously restricted to hidden specialist online forums are now being sold openly on global auction sites such as eBay. It marks another disturbing development as the tools of e-crime are becoming far more accessible.

"This is a serious development," says Geoff Sweeney, chief technology officer at IT security firm Tier-3. Until now, novice hackers were required to prove themselves to their peers before getting access to the coveted hacking forums where such kits can be found. Sweeney describes the spread of these kits as “very worrying”.

Their availability on eBay puts complex hacking tools at the disposal of any member of the public with internet access – including stealthy Trojan loaders and website hacking utilities – at the disposal of almost any internet user with a standard eBay and Paypal account. Sales of these kits, although facilitating crime, are legal in most countries. However, there are a growing number of notable exceptions, such as Germany’s ‘anti-hacker’ law.

The tools are usually sold within ethical hacker training courses – legal practice under a contract between company and hacker – whereby the intruder has permission to probe and crack online security systems to highlight weaknesses for improvement. These courses also include educational utilities and certification.

Online crime is growing quickly, with internet fraud figures now outstripping conventional fraud. Companies need to consider extending their security umbrella to protect from the growing number of known and unknown threats to their online enterprises, says Sweeny.