January 5, 2012 By Dancho Danchev

Email hacking for hire going mainstream

by Dancho Danchev

Just how easy is it to hack someone’s email nowadays? Very easy as the process is offered as a managed service within the cybercrime ecosystem.

Over the past couple of months, I have been monitoring an increase in managed email hacking services. These services basically offered everyone the ability to claim someone else’s email through email hacking performed on behalf of the vendor. Such services have been circulating in the wild since early 2008. Shall we take a peek at their latest market proposition?

Let’s profile a managed email hacking service offering to hack Gmail and Yahoo accounts.

The service I’m going to profile is called Vzlom Pochta, which is literally translated as breaking into an email account. The service offers guarantees for prospective customers. For instance, in order for the vendor to confirm that the email has been broken into, they will include a screenshot, copy of the victim’s address book, and copies of the email the customer has sent to the victim. Within the cybercrime ecosystem, these services are often pitched as password recovery services, clearly attempting to legalize their practices.

Translated market proposition:

We work with wholesale customers. If you are a regular customer, you also are entitled to a discount. More information about the prices of services and cracking discounts, please see the section PRICES.Ordering hacking email (soaps) with us, you can be 100% confident in the anonymity of hacking mail. We guarantee a ANNONIMNOST your order, and that the victim of cracking the password e-mail will learn nothing and no suspects. More on this page WARRANTIES. Before payment is strongly suggested to read the section on the order of mutual PAYMENT. Finally, if you do not have any additional questions, you can order the break-mail directly from our website using the order form on the Contact Us page.Instead of a conclusion. Yes, it really works. Much to ask of those who “just want to see how to hack e-mail” is not going to pay, to pass by and not make empty orders are not wasting our time wasted. If you placed an order and refuse to pay, we reserve the right to notify the victim hacking mail. We do not work with social networking and dating services and do not carry breaking Classmates and VKontakte. We can only crack the e-mail inbox! That is all I would like to add. We hope for fruitful cooperation.

The prices for hacking the emails are as follows:

  • Mail.ru, Inbox.ru, List.ru, Bk.ru – 2000 rubles
  • Yandex.ru – 2500 rubles
  • Rambler.ru – 2500 rubles
  • Google.com – 4000 rubles
  • Yahoo!.com – 8000 rubles

DIY email brute-forcing tools have been around for years, with their modern alternatives coming with built-in CAPTCHA-solving support for the login page, thanks to vendors offering CAPTCHA solving services. The overall increase in the availability of such managed email hacking services, is the direct result of DIY web-based kits exploiting multiple passive and active XSS vulnerabilities — now patched — within their Web interfaces. That leaves botnet data mining for stolen passwords, and plain simple social engineering and spear phishing attacks in the arsenal of the attackers.

Just how easy is it to hack someone’s email? Let’s just say it used to be way easier than it is for the time being. Despite the fact that end users are choosing easy to brute force passwords, and the fact that their password resetting questions are easily guessed, recent product features introduced by Yahoo! Mail and Gmail, make it increasingly harder to hack into someone’s email.

In February, 2011, Gmail introduced two-factor authentication, followed by Yahoo! Mail in December 2011, making in increasingly harder to hack into someone’s email.

Monitoring of the service is ongoing. Updates will be posted as soon as they update their underground market proposition.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Share Button

Trackbacks

  1. […] ※この記事は1月5日に更新された英語版の参考和訳です。 […]

  2. […] Remember the email hacking for hire service which Webroot extensively profiled in this post “Email hacking for hire going mainstream“? […]

  3. […] as we anticipated on two occasions in 2012, managed email hacking for hire services continue popping-up at publicly […]

true