WHEN an incredible marriage proposal came from Canada for my friend’s daughter, it blew him away. His joy knew no bounds. The prospective multimillionaire bridegroom was an investment banker who recently had reaped a windfall in the bullish crypto market. He boasted of a fleet of cars, including a Rolls Royce and a Lamborghini. My friend, who adored his daughter immensely, was delighted for her, but some intuitive gut feeling that sprung within him unawares agitated him and filled him with uneasiness. He decided to approach the Hacking-as-a-Service (HaaS) market to wipe his trepidations before handing over his daughter in marriage. From there, he hired a hacker from the comfort of his home. It was a hassle-free online process without any physical contact. Once he engaged the services of a HaaS team, the hackers, after remotely accessing the mobile phone of his Canadian groom, began feeding my friend with updates in real-time. They let him peek at all the WhatsApp messages, call logs, text messages, Instagram, emails of his prospective groom while simultaneously furnishing him with the entire history of his online activities and transactions. The story that emerged from all the recent and deleted messages was entirely different from the given narrative. It turned out that the would-be groom was all the time taking them for a ride. My friend instantly cancelled the marriage and averted his daughter from becoming a sacrificial goat in the nick of time. The gut feeling experienced by my friend helped him save his daughter from the clutches of a big crook who had a history of luring girls.
Likewise, the homemaker wife of a prominent bureaucrat suspected her husband was having an affair with an employee in the office. And a wealthy business owner’s son doubted his new girlfriend of two-timing him. They separately approached hackers and paid them upwards of $400 for accessing the WhatsApp chats and social media accounts, including their email accounts. The clandestine jaunts, Rendezvous and retreats, romantic exploits, and all other cats were out of the bag in just four days. Eventually, the bureaucrat managed to save his marriage by abject surrender and a promise of total loyalty to his wife. The business owner’s son, on the other hand, ditched his cheating fiance after confronting her with the facts.
Hacking-as-a-service (HaaS) is the commercialisation or monetisation of hacking skills in which the hacker serves as a contractor. HaaS makes advanced code-breaking capabilities available to anyone with an Internet browser and a credit card. The Hacking-as-a-Service market is flourishing and continuing to expand new services. The services that HaaS provides includes Facebook hack, WhatsApp hack, Twitter hack, erasure of criminal record, up-gradation of school results, database hack, android phone hack, ATMs hack, blank credit card service to withdraw the amount of one’s choice and myriad other benefits. Being a hacker may not be illegal; however, hacking into a computer or mobile phone without the permission of its owners is unlawful. The capacity of novice hackers to rapidly launch accelerated attacks has heightened the number of threats that several cybersecurity experts have to grapple with and stave off.
Besides, HaaS has now made it possible for any Tom, Dick and Harry with practically no hacking skills to launch attacks anywhere. HaaS is now a fast-growing business contributing to an exponential rise of cybercrime activities on the internet. As HaaS markets have supplied services of hackers to anyone willing to pay for the hacking services, even a non-hacker today can engage HaaS and become a cybercriminal. Although such hacking markets have existed on the dark web for a long time, only recently they have matured into fully developed marketplaces. As with any other marketplace, hackers compete intensely to outdo each other and provide their clients with the best services and bargains.
Furthermore, one can select the hackers based on the budget and the task and enter a contract. Some HaaS marketplaces offer a money-back guarantee and get their services rated and ranked. Other services that one can outsource through hacking marketplaces include distributed denial of service (DDoS), phishing, breaking into social media accounts, hijacking telephone numbers, call blocking, disrupting communication networks, spreading malware, and controlling the botnets. HaaS creates a pay-to-play environment that empowers amateurs and wannabe criminals to plan and launch attacks beyond their skills and capabilities, making the cybercrime landscape more sinister.
According to a report by Kaspersky labs, the average HaaS price for a DDoS attack is $25per hour. SecureWorks charges 1-5 per cent of the money drained from an online account to facilitate a client’s entry into it. One can hire HaaS to commit an online bank heist for rates upwards of $40, and the price for illegal transfer of reward points is $10 to $450. For getting unauthorised access into Instagram, Twitter, Snapchat, or other social media platforms, SecureWorks has pegged the average hacker fee at $129. The cost of breaking into a cell phone is feasible at $21.60/month or more. The price for hijacking corporate email is $500 and upwards. According to an FBI’s Internet Crime Report, corporate email hacking drained over $676 million from company coffers in 2017.
Hacking-as-a-Service has rendered cyberspace more vulnerable and the cyber threat terrain more precarious. Police are finding it incredibly challenging to deal with cybercriminals of the HaaS model. To combat these threats, cybersecurity professionals would have to hang around a lot and monitor the dark web to gather intelligence to help them identify and block attacks proactively. Identifying new phishing domains, monitoring them and proactively blocking them can help reduce hackers’ attacks. Social media monitoring, identifying and taking down fake company pages sites is another effective way of preventing unsuspecting customers from being phished. Hackers have also been breaking into Police networks worldwide and leaking sensitive information. Engaging ethical hackers to plug the loopholes in police networks and maintaining sensitive information in external hard drives could go a long way in minimising damage from hacker attacks.
— The writer is ADGP, Idol Wing CID