Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Hacker's List: This 'Hire A Hacker' Site Must Be A Joke, A Scam Or Just Sucks
Thomas
Fox-Brewster
(http://www.forbes.com/sites/thomasbrewster/) Forbes Staff
SECURITY
(/SECURITY)
1/29/2015 @ 4:19AM
1,856 views
Follow
Comments
http://www.forbes.com/sites/thomasbrewster/2015/01/29/hackers-list-is-really-bad/
1/5
2/1/2015
Hacker's List: This 'Hire A Hacker' Site Must Be A Joke, A Scam Or Just Sucks
Heres what the site admin told me: Yes we CAN [sic] monitor all activity on
the site to ensure adherence. However, its [sic] not possible for us to review
them all. Our review process only kicks in when a project is reported several
times. Comforting words, huh? Or not. There goes users privacy. Anyone
using this borderline (or actually) illegal service should expect to have their
details handed over to law enforcement with little fuss.
There was some promising news from the admin I spoke to: We are
integrating msg encryption on the site in the next few days. I see no evidence
this has been deployed, nor should anyone have confidence in encrypted
messaging on a site that says admins can read any message.
The site creators told me over email they wanted to keep paedophiles and porn
pushers off the service, and so would only investigate messages related to
content that might be considered illegal, obscene, lewd, lascivious, filthy,
excessively violent, harassing or otherwise objectionable. Odd diction, no?
Either way, at the slightest sign of sin, users messages will be read and they
might get chucked out. Given the list of jobs on the site right now, including
hacking a website (illegal) for as much as $900 and changing college grades
(illegal) for up to $2000, the Hackers List admins are going to be expending
much of their time banning people.
With zero privacy, at least you can expect totally secure payments, right? Well,
if you dont want to hand over your credit card details to whoever runs this site
(the admins remain anonymous as the request of their legal counsel, though
Forbes has suggested they give up their real names for guarantees over the
sites legitimacy), theres always the option of Bitcoin, the anonymising
cryptocurrency. But wait, the service doesnt even work. You have to pay by
credit card. Great. One of the admins congratulated me on pointing this out
and said theyd shut down the Bitcoin payment method.
Credit card data, the site admin said, were not stored by Hackers List
whatsoever. So where are they stored? The admin wont tell me. There is an
escrow service, but when I joined the site and attempted to hire a hacker, I was
asked to deposit funds. The only way to do that was with a credit card. This
would indicate the Hackers List owners can see my details. I declined to pay,
so low was my confidence in the site by this point.
Need I mention a glaring vulnerability
(https://www.xssposed.org/incidents/53433/) that was sitting on the site
earlier this month that left users open to account compromise? Its now been
http://www.forbes.com/sites/thomasbrewster/2015/01/29/hackers-list-is-really-bad/
2/5
2/1/2015
Hacker's List: This 'Hire A Hacker' Site Must Be A Joke, A Scam Or Just Sucks
removed, according to the site co-owner, but again, Id have little confidence if
I were to use this service.
Its not like hackers are flocking to Hackers List anyway. From the long list of
providers on the site, it seems little more than $1,000 has changed hands.
There may be hidden payments being made, of course. And the New York
Times said its front page article on the service led to an uptick in users
(http://dealbook.nytimes.com/2015/01/16/hackers-list-struggles-to-keep-upwith-its-new-found-fame/).
But with all this in mind, one question remains: why did a slew of reputable
publications give Hackers List, which isnt even unique in what it does, so
much air time with limited scrutiny?
Comment
Now
Follow
Comments
Promoted Stories
by Gravity
Jay
McGregor
(http://www.forbes.com/sites/jaymcgregor/) Contributor
TECH
(/TECHNOLOGY)
6/23/2014 @ 11:34AM
4,983 views
http://www.forbes.com/sites/thomasbrewster/2015/01/29/hackers-list-is-really-bad/
3/5
2/1/2015
Hacker's List: This 'Hire A Hacker' Site Must Be A Joke, A Scam Or Just Sucks
A lot has been said about an app that cant say much more than Yo. The
plucky young startup creation has received endless column inches cherishing
it, deriding it and speculating whether or not it represents the end of a tech
bubble (http://www.forbes.com/sites/jaymcgregor/2014/06/19/app-raises1m-in-funding-for-simply-sending-the-message-yo-back-and-forth/).
But those column inches turned sour when it was revealed last week that the
Yo app had been hacked by a group of students from Georgia Tech
(http://www.forbes.com/technology/) University.
The students had managed to push Yo alerts to random users phones and
read personal data from the companys database. They let Arbel know by
sending him an alert that said YoBeenHacked. Arbel quickly took the app
down and fixed the holes.
On Saturday, Arbel explained in a blog post
(https://medium.com/@YoAppStatus/we-were-lucky-enough-to-get-hackedc3161b61dc7f) what had happened and tried to put a positive spin on it: We
were lucky enough to get hacked at an early stage and the issue has been
fixed.
Arbel went on to clarify Yos privacy policy: The object of the app is to be
simple. When you join it doesnt ask you for your email, full name, Facebook
(http://www.forbes.com/facebook-ipo/) account, or any other piece of
personal information.
The only identity within the Yo app is your username. We dont want or need
any other personal information. We want you to be able to give out your Yo
username to anyone or any service without being afraid of suddenly getting a
http://www.forbes.com/sites/thomasbrewster/2015/01/29/hackers-list-is-really-bad/
4/5
2/1/2015
Hacker's List: This 'Hire A Hacker' Site Must Be A Joke, A Scam Or Just Sucks
Comment
Now
Promoted Stories
by Gravity
http://www.forbes.com/sites/thomasbrewster/2015/01/29/hackers-list-is-really-bad/
5/5