October 31, 2016 by

xDedic, a Marketplace Where Hacked Servers go for Sale

The name ‘xDedic’ does not reveal much. What it is, however, is a low-profile marketplace where anyone can choose and purchase access to over 70,000 hacked servers from around the internet.

The marketplace offers webservers and databases, from private corporations to public government networks, for sale at a relatively cheap price. For instance, purchasing the means to gain access to a server owned by and located in a European Union member government’s network would cost only $6, reveals SecureList.

The malicious buyer gains access to all data on the server for that one-time fee, enabling the buyer to use it again at a later time to launch further attacks. The marketplace comes close to enabling the utopian dream for a malicious hacker, with cheap and easy access to victims’ data.  

In a survey of the xDedic marketplace conducted by Kaspersky Lab in partnership with an unnamed European ISP, the security firm determined a total of 70,624 servers to be available for purchase. Those servers were put up for sale by 416 unique sellers and came from 173 affected countries, underlining the global scale of the data made available in the marketplace. Brazil topped the list, accounting for 9% of the compromised servers and databases. China, Russia, India, Spain, Italy and France follow.

Notably, xDedic's operators aren’t putting up any details of compromised servers themselves. The developers have, in fact, set up a well-tuned marketplace, complete with live technical support, toolkits that patch hacked servers to enable multiple RDP sessions, and profiling tools. The profiling tools upload information about the hacked servers into the xDedic database, making them easier to find during a search.

Furthermore, the profiling software put in place by xDedic developers gathers information about the software installed on the server. This enables tagging servers by industry, including trading, online gambling, payments and more.

The security firm discovered that buyer interest was strong in servers related to point-of-sale (PoS), tax reporting and accounting software.

Underlining the threat posed by Point-of-Sale software, Kaspersky added:

For instance, a malicious user could go to the xDedic forum, register an account, top it up with Bitcoins and then purchase a number of servers which have PoS software installed. Then, they can install PoS malware, such as Backoff to harvest credit card numbers. The possibilities are truly endless.

The security firm notified law enforcement agencies who helped shut down the marketplace, before it eventually re-emerged on the dark web.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
