FYI.

This story is over 5 years old.

Tech

Between Black and White Hat: Hackers 'w0rm' Offer Legit Security Work Too

The hackers claim to be doing penetration testing for companies on top of their usual exploits.
Screenshot of the w0rm site. Image: w0rm

In a surprising twist, a group of hackers with a reputation for selling exploits on the black market is now apparently offering above-board security audits for companies.

In a recent update to its website, w0rm, a hacker group widely thought to be Russian, detailed its new service.

"Almost every day there is a report of a new high-profile website being hacked," the site reads. "The target usually is sensitive corporate information that can be misused to affect a company's reputation and finances. Safely and accurately audit your web resources for potential security risks."

Advertisement

"We began to receive orders and offers of cooperation from both those who had been hacked and from strangers," a w0rm representative told Motherboard in an online chat. "There was a demand."

New Index #w0rm.ws by https://t.co/oNFAW0uQEl wearymax.ru pic.twitter.com/76dva9GX44
— w0rm (@w0rmWS) September 28, 2015

W0rm has apparently received requests from both "companies and intermediaries" interested in penetration testing services. Penetration testing is where a hired hacker will explore a site for vulnerabilities, and then report these problems to the affected company.

W0rm hit headlines last year when the group hacked into servers belonging to technology website CNET, the Wall Street Journal, and VICE. In all those cases, apparent stolen data from each company was offered up for sale for 1 bitcoin, suggesting the hackers were presumably looking for a payday more than anything else.

But w0rm told CNET that its goals were actually altruistic, and that the hack was driven by a desire to upgrade internet security. "By targeting high-profile sites, the group says it can raise awareness about security flaws," CNET wrote at the time.

The claim that w0rm actually wants to improve security may hold a little more weight now, with the announcement of its penetration testing services.

W0rm still runs a digital marketplace where information on recently discovered computer vulnerabilities and stolen databases is for sale.

Advertisement

The representative said that w0rm has worked formally with "about 5 big Russian companies," adding that they usually get paid anywhere between $5,000 and $20,000 to carry out penetration testing.

"I began to try this model since breaking CNET but put it in effect took a year," the representative explained.

Emails shared with Motherboard by w0rm show contact with companies including Megafon.ru, a Russian telecoms firm, Topface, a dating site, and Global IT, a cybersecurity firm, but it is unclear if any of these are clients. None of the companies replied to a request for comment.

W0rm still runs a digital marketplace where information on recently discovered computer vulnerabilities and stolen databases can be put up for sale. Security issues are listed on this part of the site "after notifying administration sites but got no response," the representative said. Just last month, however, w0rm advertised a wad of data on the site that was stolen from a rival hacking group.

That part of w0rm's business will continue, the representative said, but will run in parallel to the newly-launched security audit service.

It's easy to fall back on the dichotomous "black" and "white" hat labels, used to differentiate the motivations of hackers. But w0rm's case shows that it's not always as simple as light and dark; sometimes the nature of those acting in this space is full of shifting shades of grey.