A hacker claims to have stolen credentials to a number of US government websites and sold them on a dark web marketplace, reported Tech Insider.
According to the report, listing for some accounts including US Navy, Centers for Disease Control, and US Portal Service were spotted on a dark web market place, dubbed The Real Deal, which is a popular transaction hotspot for cyber-criminals dealing in illicit possessions.
However, details regarding when they were posted on the ‘discreet marketplace’ remain blurred, as no dates were attached to the uploaded accounts.
The seller, ‘popopret’, offered file transfer protocol access to servers of (National Oceanic and Atmospheric Administration), usps.gov (The US Postal Service), cdc.gov (Centers for Disease Control), jpl.nasa.gov (NASA Jet Propulsion Laboratory), and navy.mil (US Navy).
The prices start from as low as .5 Bitcoin ($329) for the CDC but considerably more for servers related to the Navy at 3.5 Bitcoin ($2300). Popopret also told Tech Insider that the credentials were acquired via ‘sniffing a bitnet’, which suggested that the hacker was actively spying on a large number of computers for interesting traffic content such as usernames and passwords.
However, the aforementioned claim and the seller’s credentials could not be verified but past episodes indicate that The Real Deal is a major source of data breaches and hacker exploits. Though all these credentials have been listed for sale, the purpose which these can be used for remains blurred.
The dark web has emerged as a popular place for hackers to sell sensitive data at relatively cheaper prices; credentials, weapons and drugs being the three major items.
With the advent of advanced hacking tools and software, government organisations, private sector companies, and even individuals should take precautionary measures to stay on the safer side of the spectrum.