October 31, 2016 by

xDedic, a Marketplace Where Hacked Servers go for Sale

The name ‘xDedic’ does not reveal much. What it is, however, is a low-profile marketplace where anyone can choose and purchase access to over 70,000 hacked servers from around the internet.

The marketplace offers web servers and databases, ranging from private corporations to public government networks, for sale at a relatively cheap price. For instance, purchasing the means to gain access to a server owned by and located in a European Union member government’s network would cost only $6, reveals SecureList.

The malicious buyer gains access to all data on the server for that one-time fee, enabling the buyer to use it again at a later time to launch further attacks. The marketplace comes close to enabling the utopian dream for a malicious hacker, with cheap and easy access to victims’ data.

In a research survey of the xDedic marketplace conducted by Kaspersky Lab in partnership with an unnamed European ISP, the security firm determined a total of 70,624 servers to be available for purchase. Those servers were put up for sale by 416 unique sellers and came from 173 affected countries, underlining the global scale of data made available in the marketplace. Brazil topped the list, accounting for 9% of the compromised servers and databases. China, Russia, India, Spain, Italy and France follow.

Notably, xDedic aren’t putting up any details of compromised servers themselves. The developers have, in fact, set up a well-tweaked marketplace, complete with live technical support, toolkits that patch hacked servers to enable multiple RDP sessions, and profiling tools. These tools upload information about the hacked servers into the xDedic database, making them easier to find during a search.

Furthermore, the profiling software put in place by xDedic developers gathers information about the software installed on the server. This enables tagging servers from different industries, including trading, online gambling, payments and more.

The security firm discovered that buyer interest was strong in servers related to point-of-sale (PoS), tax reporting and accounting software.

Underlining the threat posed by point-of-sale software, Kaspersky added:

For instance, a malicious user could go to the xDedic forum, register an account, top it up with Bitcoins and then purchase a number of servers which have PoS software installed. Then, they can install PoS malware, such as Backoff to harvest credit card numbers. The possibilities are truly endless.

The security firm notified law enforcement agencies who helped shut down the marketplace, before it eventually re-emerged on the dark web.

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500, a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
