-2

I came across many people offering me hacking services and they offered to hack social network accounts like Facebook and Instagram. Are these guys for real? Are there any reasonable ways to break into such accounts?

Kevin
  • 43
  • 1
  • 1
  • 2
    We cannot know if the ones who contacted you are "for real". Yes, it is possible to break into social media accounts, usually by targetting the person (not the social media account) – schroeder Jul 11 '18 at 16:52
  • 8
    Anyone that advertises themselves as a "hacker for hire" that hacks social network accounts, are in fact, idiots, and will not only get caught, but turn you over the second the feds show up. Don't break the law. Respect others. – DotNetRussell Jul 11 '18 at 16:59
  • 3
    Why is this question being downvoted? The existence or non-existence of criminals for hire is a serious question. It could perhaps be stated more elegantly, but for-profit hacking and the implications of such are serious questions worthy of study and an answer. – Steve Sether Jul 11 '18 at 20:23

4 Answers4

8

Hackers for hire are real. Occasionally, they will even interview with established journalists if they feel they can maintain their anonymity.

That said, anyone approaching you over the internet is probably a scammer.

Note that in the US, conspiring to hack is illegal per 18 USC 1030 B:

(b) Whoever conspires to commit or attempts to commit an offense under subsection (a) shall be punished as provided in subsection (c) of this section.

Even if the offer is legitimate, paying someone to hack on your behalf is still a federal crime (and probably a local one, too).

You should walk away from such offers, given that they are likely fraudulent and definitely illegal.

DoubleD
  • 3,862
  • 1
  • 6
  • 14
5

First, if the hackers for hire came to you offering services, they are more likely to be in the business of scamming than in the business of hacking.

Second, there are definitely individuals out there who may have a business in exploiting an individuals' accounts, but as @schroeder pointed out that type of hacking would fall into the realm of social engineering.

Here is a Social Engineering Lesson that I found that might interest you.

At the end of the day, the best advice is to stay away from such solicits as they will just cause a financial loss or a seat in front of the judge.

HoleyCow
  • 53
  • 4
5

Do they exist? Yes, it's often called red teaming, though there are both legal and illegal red teams. Legal red teams are pentesters who you pay to attack your company. You have a carefully written contract which tells them what they are and are not allowed to do. There are also illegal red teams which use the name as a euphemism. These come from companies that are large, full of unethical practices, and often have government affiliation, such as Raytheon or Leidos. They advertise it as offensive security or red teaming. They do not sell to random people who email them, only to governments or major companies interested in corporate espionage intelligence.

Now, are the ones that are advertising to you legit? No, most certainly not. While individuals that hack for hire do exist, they tend not to openly advertise this, and they do not hack social media so you can spy on your ex. Many times, they do not even consider themselves as such and do not regularly hack on behalf of others, but will not turn down an offer for money.

There are many red flags to look out for:

  • Does the service advertise hacking for personal gain, e.g. spying on personal media?

  • Does the service offer ridiculously low prices, lower than around 100 USD an hour?

  • Is the service proactively being advertised to you?

  • Is it a generic service that claims to be able to "hack" any electronics or sites?

Any of these should send you running. Of course, this effectively includes all hackers for hire you are likely to ever see. Now, what kinds of services that could be classified as hackers for hire would be legit, given a loose definition of hacker? Excluding government contractors, you may run into:

  • Groups that hack video games by developing cheats and selling them.

  • Groups that design and sell customized malware or sell botnet resources.*

  • Companies that sell exploit kits with 0days, sometimes for millions (e.g. Core Impact).

  • Individuals or groups which perform legal penetration testing.

These are clearly not the stereotypical and rather mythical "hacker for hire" where you pay to get someone's Facebook password, but they can still be described as offensive security services.

* While these may be legit services in that it is not downright fraud, they usually sell pre-designed malware for a high price, making it a huge rip-off. The kind of malware sold is the kind you could design if you learned some C.

forest
  • 64,616
  • 20
  • 206
  • 257
1

Yes, they are absolutely real. Obviously white hat pen-testers are "hackers for hire", but I think you mean "are criminal hackers for hire real" and the answer is also yes. Below is a map of dark web landing pages. It is obviously NSFW, and has many disturbing sites (disclaimer). If you dig around you will find lots of services for hire that would fall into "hacking."

https://www.hyperiongray.com/dark-web-map/

That said there are grey areas here too. Charlie Miller, a famous Sec. Prof. has talked repeated about how the US does not buy bug bounties from hackers but other countries like Russia and China will. There are multiple famous hackers who hunt bugs and sell them maliciously, as in to companies or govts other those with the bugs. There are even some companies that ride a fine line on this. Vupen being one.

Big question, -how- did they approach you? I would be more concerned about that, or I would be careful what your online footprint looks like if you're getting attention from folks like that.

bashCypher
  • 1,839
  • 11
  • 21
  • -1 because the "dark web" does _not_ have "hackers for hire". It has scams. – forest Jul 12 '18 at 02:44
  • Also, the US _does_ buy bugs from hackers. The idea that the US does not do this is bull. And VUPEN does not exist anymore (s/being one/was one/ might be good). It is now Zerodium. – forest Jul 12 '18 at 02:50
  • 1
    @forest - it has both hackers for hire and scammers, but for a beginner it is more likely to find a scammer. As for the US buying part, of course they do....and they afford it. Most, except a few with some morality, will sell their finds to the highest bidder, which is the US. – Overmind Jul 12 '18 at 07:48
  • @Overmind While it might _technically_ have some, I could count the number of people who do so in that particular location on my hands. – forest Jul 12 '18 at 13:44
  • @forest if it has them, even just "on one hand," you owe me an upvote ;) Getting into how black market bidding through tor networks (dark web) and other means, seemed out of scope for the question. I highly recommend you read "Countdown to Zeroday" which covers this well. You are also right about Vupen, and I knew that but I seem to forget it as they were always my quintessential company example for this. So that's fair. – bashCypher Jul 12 '18 at 16:20
  • Many of the books on that subject are... quite wrong, to put it mildly. As someone who actually deals with 0day brokers, I can confidently say that these people do _not_ prefer the "dark web" and tend to avoid it simply because it is full of script kiddies. That "map of the dark web", for example, has precisely zero (unless one I don't recognize was created, but I just looked over it real quickly). – forest Jul 13 '18 at 10:45