Hacker-for-hire services present online are nothing but scam and ineffective revealed a study carried out by Google and the University of California, San Diego.
Researchers got in touch with 27 such service providers to hack accounts, with exclusive online buyer personas. The victim accounts, hosted by Google were used with consent to record key interactions with victims and fake persona were created to associate with these accounts.
Out of the 27 hacking services content, 10 did not respond. Whereas, 12 replied but did not carry out any hacking attack. However, only 5 hacking services attacked and tried to hack Google accounts.
9 of the 12 hacking services which responded but did not attack said that they do not hack Gmail accounts anymore. The rest of the three seemed scams.
Around $100 to $500 are charged by the services, as stated by researchers, and no automated tools were used for launching an attack. Through social engineering, spear-phishing with certain adjustments for every victim account was used by hackers. Some of them inquired more details about victims whereas, others used transformable email phishing templates.
One of the five hackers who launched an attack, used the malware infecting way, or Trojan, which after getting into the victim’s system was capable of stealing passwords and collecting cookies of the browser.
Another attacker used the two-factor authentication (2FA) method and used the spoofing Google login page by redirecting victim and fetched password as well as verification code. Hackers who use 2FA charged double than the rest.
Over the years, researchers noticed that hackers have increased their fees/rates, which on average were $125 per account in 2017 but now they charge almost $400. The major reason behind this is the improved security of accounts by Google.
The research team said that account hacking business is not yet professional, as evident from the poor customer service, delayed responses and incorrect quotation of prices in advertisements.
They concluded that the increased pricing and poor quality services provided by hacker-for-hire is the reason that they possess no threat to users.
Photo: Jeff Wasserman / Alamy
Read next: 49 Million Instagram influencers private information exposed because of an Unsecured database
Researchers got in touch with 27 such service providers to hack accounts, with exclusive online buyer personas. The victim accounts, hosted by Google were used with consent to record key interactions with victims and fake persona were created to associate with these accounts.
Out of the 27 hacking services content, 10 did not respond. Whereas, 12 replied but did not carry out any hacking attack. However, only 5 hacking services attacked and tried to hack Google accounts.
9 of the 12 hacking services which responded but did not attack said that they do not hack Gmail accounts anymore. The rest of the three seemed scams.
Around $100 to $500 are charged by the services, as stated by researchers, and no automated tools were used for launching an attack. Through social engineering, spear-phishing with certain adjustments for every victim account was used by hackers. Some of them inquired more details about victims whereas, others used transformable email phishing templates.
One of the five hackers who launched an attack, used the malware infecting way, or Trojan, which after getting into the victim’s system was capable of stealing passwords and collecting cookies of the browser.
Another attacker used the two-factor authentication (2FA) method and used the spoofing Google login page by redirecting victim and fetched password as well as verification code. Hackers who use 2FA charged double than the rest.
Over the years, researchers noticed that hackers have increased their fees/rates, which on average were $125 per account in 2017 but now they charge almost $400. The major reason behind this is the improved security of accounts by Google.
The research team said that account hacking business is not yet professional, as evident from the poor customer service, delayed responses and incorrect quotation of prices in advertisements.
They concluded that the increased pricing and poor quality services provided by hacker-for-hire is the reason that they possess no threat to users.
Photo: Jeff Wasserman / Alamy
Read next: 49 Million Instagram influencers private information exposed because of an Unsecured database