Hackers for Hire
Need info about your business competitors? Revenge on a cheating ex? Everyone from jilted lovers to law firms has hired freelance hackers.
The market for hackers for hire is surprisingly large. They can be found, as one would think, on the internet black market, but also on public message boards as well. Clients include lawyers, businessmen, students and regular citizens.
The array of services is vast. You can find amateurs using publicly available spyware kits charging a one-time fee of a few hundred bucks and you can find hackers charging tens of thousands of dollars for industrial espionage or intellectual property smuggling. The websites where you can find these services can be vague internet postings or websites that allow ratings and feedback to (somewhat) ensure the legitimacy of the service provider. On some websites hackers bid on jobs and on others they can pay extra to make sure their listing comes up first.
How do they get away with having websites like this? Some of them say they're only for legal use, like helping recover lost passwords or information. Yet services listed on such sites include hacking universities to change grades and accessing information on a website and making changes to it. Some forums are even more blatant about it, specifically offering services like social network hacking and DDoS attacks.
Cryptocurrencies like Bitcoin are often used in these services, making it harder to trace who is buying and carrying out the services.
What about the legality of these websites? For the most part, it's not illegal to own the software. After all, it's not uncommon for someone to be a remote admin for a computer. Unauthorized access, though, is illegal. These hacker marketplaces are something of a legal conundrum. Except for in federal offenses, a website is not liable for what its users do. Some actions could be tied to federal offenses leading to accomplice or conspiracy charges.
US laws are trying to catch up. The Commerce Department wants to make it so that anyone selling unpublished zero-day exploits internationally would be required to have a license designating intrusion software as a potential weapon. That might help fight black market hackers, but it could also hinder offensive cybersecurity firms, some of whom are hired by the NSA and the FBI.