The group behind a collection of ‘premium’ hacking tools is apparently charging hackers $10,000 a month for permission to use their exploit kit. The proceeds are helping fund rewards for anyone who shares information with the hackers about previously unknown software vulnerabilities.
According to security firm Sophos, the ‘premium’ hacking kit is the work of a group called ‘Paunch.’ This is the same group that previously offered hackers a set of tools known as the Blackhole kit, which users could access only after paying a $1,500 per year rental fee. (Source: sophos.com)
The Blackhole kit was (and is) used by cyber-criminals who have already gained unauthorized access to a legitimate website. The kit allows them to spread malicious software onto the computers of unsuspecting people who visit the hacked website.
Depending on the malicious software to be spread, the hackers would then be able to steal information from victims’ computers or use the compromised computers’ resources as part of ‘botnets’ to carry out larger-scale online attacks.
$10K Hacker Kit Fee a Good Value For Some Cyber-Criminals
The Paunch group has now released a highly sophisticated package of hacking tools known as ‘Cool Exploit.’ The group is asking an astounding $10,000 per month from each hacker who wants to use the kit.
Most security experts believe anyone paying that fee is a professional hacker intent on making a serious profit through cyber-crime.
In fact, one Paunch customer is said to have made around $30,000 a day by using the Cool Exploit kit to spread “ransomware,” software that infects a victim’s machine and then threatens to delete files unless the victim pays the hacker responsible for the infection. (Source: theregister.co.uk)
Hackers Rewarded for Finding Software Security Flaws
The people behind the ‘Cool Exploit’ kit are reportedly using the huge fees they are charging to pay for information about major software security vulnerabilities, including zero-day flaws (security flaws in software that its developers don’t yet know about).
Information about such flaws is particularly prized by hackers, because they can carry out a scam using the new flaw before anyone can patch (and thereby protect) their computer systems.
Some experts worry that the Paunch fund will help turn amateur hackers into professional cybercriminals. In some scenarios, the fund could result in bidding wars between legitimate software developers and hackers, both seeking software vulnerability information, but for widely different purposes.