
Software used for years by hackers and criminals has now become mainstream and, as we have mentioned before, hacking and cyber crime have been professionalized. As such, tool kits that enable these activities have been packaged for sale and wide dispersion across the Internet. These cyber attack tool kits make it possible to automate hacking, espionage, fraud, and much more. These top hacking tools are now being sold for prices ranging from less than $100 up to $50,000.
And you won’t believe this: the most advanced packages come with customer service/support. In at least one case the package includes 12 months of technical support and updates to ensure the kits stay up to date on the latest web vulnerabilities.
Arguably the most advanced hacker tool kit is MPack. According to Intelomics, MPack is a PHP-based malware kit with high-quality key-logging capabilities that sells for between $500 and $1,000 USD; the first version was released in December of 2006. It is believed to have been produced by RBN, a multi-faceted cybercrime organization, and appears to come with support and monthly updates.
RBN and their support units provide scripts and executables to make MPack undetectable by antivirus software. Every time MPack is generated it looks different to the antivirus engines, and it often goes undetected. Modularization of the delivery platform and the malicious instructions is a growing design trend in cyber weapons. MPack is very popular and powerful. In June 2007, it was used by a single person to attack and compromise over 10,000 websites in a single assault.
FACT: In 2007 a new piece of malware was identified every 45 seconds.
These tools have become commonplace and are quite affordable. Paul Henry, VP at Secure Computing, estimates there are currently about 68,000 cyber attack tools available for download and the number is growing fast. In some cases these tool kits are sold under the heading of “Penetration Testing Products,” a legitimate and useful product.
However, the automation that enables multi-site scanning and intrusion would have very little applicability in the real security testing world. Experts have estimated that the underground market for cyber attack tools is in the hundreds of millions of dollars worldwide.
Note: MPack should not be confused with mpack, which is a harmless command-line utility.
Common Cyber Weapons and Attack Tools:
MPack, SQLNinja
Shark 2, WFuzz
Nuclear, ProxyStrike
WebAttacker, Wireshark
IcePack, httpRecon
John the Ripper, Exploit-Me
USB thief, Burp
Kismet, Metasploit
Cyber Attack Tool Web Sites
http://www.ethicalhacker.net
http://www.metasploit.com
http://www.hackerscatalog.com/Products/Deal_Steals/index.html

Some of those tools are far from “hacker” tools, but much more commonly used by sysadmins and others.
Wireshark, for example, is a network traffic capture package, and the best tool for debugging your own network.
John the Ripper is a bulk password cracker. It is considered good practice as a sysadmin to crack your users’ passwords to ensure that others can’t.
Kismet is an 802.11 sniffer/utility.
Metasploit is a meta toolkit. It is a toolkit for writing exploits (thus the name “metasploit”).
Putting these tools in the same category as MPack is, IMO, not the best in the world.
I’m not disagreeing with the article, but the list is very misleading. For instance, a simple web search shows there are no products named “WebAttacker Wireshark” or “IcePack httpRecon” or “USB thief Burp”, just to name a few.
I’m sure the list was just mis-printed (at least I hope it was).
To continue my gripe of this list of “tools”…many are legitimate tools that, if used properly, could prevent many of the attacks out there today. The sad thing is that most developers and testers don’t know about them or use them in their practice.
On that note, I think it would be best to separate the list into two different lists, one for legitimate tools and one for malware packages.
Fixed, Chris…thanks.
Yeah, some of these “Cyber Weapons and Attack Tools” come with common Linux distributions because they have valid uses. No one is going to be trying to compromise a DoD mainframe with Wireshark.
Since the list seems to be distracting from the point of the matter, let me try to shed some light on how it came about.
Think DUAL PURPOSE
1. First of all, sys admin tools are being dual purposed.
2. The list was compiled based on actual attacks we have been involved with, experienced or seen over the last three years. If the tool does not appear on the web, I am not overly concerned because that was the tool/attack code we discovered.
The point is that organizations are and have turned common admin tools into attack tools.
Kevin and Spy Guy are right! One man’s tool is easily another man’s weapon.
Anyhow the best hacking tools I don’t think Kevin would ever list or provide info on how to get them.
A good Hacker Tool List
http://www.jnetworld.com/tools.htm
Also you need to realize most hacking is to establish a source of information, not to harm the system!
Well, I found an article about the German law. I found a lot in German but this one is in English.
http://blogs.techrepublic.com.com/networking/?p=263
Thanks to the poster who talked about this.
I just found the DHS listed the “hardware sabotage” as a threat and initiative they have for this year! How right you were.
Working towards a stronger supply chain defense to reduce the potential for adversaries to manipulate IT and communications products before they are imported into the U.S. To address this challenge, the Federal Government is exploring protections into our federal acquisition process and developing a multi-faceted strategy to reduce risk at the most appropriate stage of the IT and communications product lifecycle.
RIGHT AGAIN!
For all you critics of Mr. Coleman’s blogging on here, you should be eating your words AGAIN! 500,000 IIS machines got attacked based on a vulnerability that was acknowledged by Microsoft on April 15th. This is the type of attack that Kevin spoke of in his April 21st Cyber Holes in your Software posting. The attack began just three days after his post. Kevin Coleman has proven himself as one of the world’s top Cyber Warfare Strategists. I am so glad he is on our side.
Read http://www.internetnews.com/security/article.php/3742926/HalfMillion+IIS+Servers+Hit+in+Cyber+Attack.htm
Don’t you see the trend? Half a million _IIS_ servers attacked, a new virus every 45 seconds (for _Windows_), etc, etc. The easiest solution would be to ban all Microsoft products. Better yet, have some regulation in place to ensure that system admins have _some_ brains. The truth is, most of these problems are caused by people going into a field which they have no interest in. Subsequently, they do a poor job at securing their employer and things like this happen.
The other problem is of course Microsoft Windows. It’s really sad that this poorly put together Operating System has created an entire world of criminal activity that relies on botnets made available by your friendly neighbourhood Windows computers. A repository system for software installation (similar to what Linux has used for years) is one great way to avoid social engineering attacks. However, the real problem is that you have one giant, poorly coded OS for a target and a company that doesn’t push out patches very quickly. This leaves huge, gaping security holes that hackers continually exploit.
Arthur, I am afraid there is so much Microsoft out there it is too late to ban it.
But being from Netscape, I do like the way you think!