We recently found an interesting post in a Russian underground forum in the course of our research. People exchange information about their illegal activities in these kinds of forum. We found a user in the forum with the handle “sourcec0de” and ICQ number 291149 who currently offers root access to some of the cluster servers of MySQL.com and its subdomains.
The screenshot above shows that the seller appears to have a shell console window with root access to these servers. The price for each access starts at US$3,000 with the exchange of money/access being provided by the well-known garant/escrow system for which a trusted third party verifies both sides of a transaction.
In our previous underground research, we also saw sourcec0de sell stolen PayPal account credentials and discussing the management of botnet command-and-control (C&C) servers.
We contacted MySQL.com about this issue last week. We are making this public to stress the fact that hackers do not only profit from selling stolen data or by inserting bad links into spam or phishing email, websites, and other possible infection vectors.
This case, regardless of whether sourcec0de’s claim is true or not, shows just how brazen cybercriminals are, selling administrative access to specific systems, which can be negatively impacted by their break-ins.