Once upon a time, the cybercrime underground was best seen through hidden Wiki. Nowadays, sites that offer illegal goods and services are much bolder about posting in forums and advertising their services in the open. Just the same, most of us don't go around looking for or infiltrating it as investigative security reporter Brian Krebs does. His latest report looks at a service that sells RDP access into Fortune 500 companies. Do you allow RDP connections? Do you have a Windows computer currently in use or an old box that accepts Remote Desktop Protocol (RDP)? Most enterprises do allow RDP, so the client box can connect to a remote host computer. In fact, not only do Fortune 500 companies use RDP, but Brian Krebs recently reported on a cybercrime service that sells that RDP access for few dollars.This investigative Krebs on Security report looked into dedicatexpress.com, which advertises access to hacked RDP servers on cybercrime forums as “The whole world in one service.” It takes instant messaging to contact the service owner and $20 via the virtual currency WebMonkey to register. Krebs said that nearly 300,000 compromised systems have been pimped through dedicatexpress since it began in 2010, with 17,000 RDP computers available for rent right now. The cost to rent such a compromised box is based upon several factors, such as processor speed and the number of cores, upload and download speed, and the total uptime the hacked RDP server has been available.Krebs wrote:I made it about halfway through the list of companies in the Fortune 100 with names beginning in “C” when I found a hit: A hacked RDP server at Internet address space assigned to networking giant Cisco Systems Inc. The machine was a Windows Server 2003 system in San Jose, Calif., being sold for $4.55 (see screenshot below). You’ll never guess the credentials assigned to this box: Username: “Cisco,”; password: “Cisco”.Cisco confirmed the hacked RDP box was part of its network, but called it a “bad lab machine.” Krebs said the Cisco server granted the buyer administrative rights, but “it had already been blacklisted by 10 out of 15 popular services that track malicious activity online, such as spam and malware hosting.” Yet Krebs said no worries if you rent a bad box because dedicatexpress says, “if you have any problems with the remote server you have just purchased, you will always be able to file a ticket with technical support and we will be happy to assist you.” I always enjoy Krebs’ insight and investigative reporting into cybercrime. He even explains how this service pays cybercrook sellers a commission for compromised RDP computers. But how do you know what cyberscum to “trust”? Like many legal selling sites such as Amazon or eBay, sellers on dedicatexpress are given a seller rating which includes how many hacked RDP machines they have sold to the cybercrime site. These “top vendors” may state what a particular RDP server cannot be used for “such as online gambling, PayPal or dating scams,” Krebs explained.Furthermore dedicatexpress will not accept RDP servers located in Russia, most likely because that is where it is located and the owners “not wish to antagonize Russian law enforcement officials.” Of course, as a Krebs on Security commenter pointed out, some of these machines are likely honeypots setup by law enforcement. Service Sells Access to Fortune 500 Firms is a good read, with screen captures to help illustrate how it works. Krebs continues to offer articles that heighten cybercrime awareness and gives glimpses of the dirty underbelly of cybercriminals. Like this? Here’s more posts:Time to disable Java AGAIN: 1 billion at risk from newest critical Java bugFeds Warn of Zombie Apocalypse! Buy emergency kit, but you might be a terrorist if…Senate report: Fusion centers don’t find terrorists, filled with ‘crap’ that violates privacySmartphone snoop: Even when phone sleeps, digital assistant always eavesdrops Facebook Want Button: Collecting massive amounts of data about you has never been easierBusted! Forensic expert who recovered lurid SMS warns: Phone texts don’t die, they hideDeanonymizing You: I know who you are after 1 click online or a mobile callDoes Microsoft Oppose Verizon Spying? Verizon allegedly wants more control over WP8Flame’s vicious sibling miniFlame malware, a cyber-espionage ‘surgical attack tool’Surveillance State: From Inside Secret FBI Terrorist Screening Room to TrapWire TrainingSocial media surveillance helps the government read your mind Follow me on Twitter @PrivacyFanatic Related content news Dow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server. By Ms. Smith Feb 28, 2019 4 mins Data Breach Hacking Security news Ransomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently. By Ms. Smith Feb 27, 2019 4 mins Ransomware Security news Bare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks. By Ms. Smith Feb 26, 2019 3 mins Cloud Computing Security news Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VR By Ms. Smith Feb 21, 2019 4 mins Hacking Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe