Over the weekend, word started spreading online about “Hackers List”, a service that offers individuals a way to connect with hackers who are looking for freelance work. While the site clearly states that it exists only to link hackers with potential employers, questions about the legitimacy and legality of such a service immediately starting springing up.
With so many hacks in the news recently, it comes as no surprise that the public would be leery about this sort of service. But does a site like this really pose a security threat? Or is this a first step in the process of the positive side (so-called “white hat”) of hacking finally being accepted by the mainstream?
Browsing the Site
Even though news of the site has only recently been hitting the major news outlets, it’s actually been up and running for some time – the first tasks went up for bid in mid-November 2014. That means there’s already a fairly large number of tasks that prospective hackers can browse through and make offers on. Unfortunately, taking a look through the available tasks doesn’t fill one with confidence.
The majority of tasks on the site take the form of “hacking” into social media or email accounts, with a few requests to have images removed from sites and that sort of thing. While it’s possible that some of the more involved tasks are hidden away in the pages and pages of results (which don’t seem to be searchable, annoyingly enough), there surely can’t be many of them. Even selecting the different categories of hacks, like “Product Manufacturing” or “Writing”, just shows the same kind of password cracking requests that have been misfiled.
It’s entirely possible the site was created with the best of intentions; in the hopes of connecting skilled developers and researchers to individuals and groups who are in need of their specific skills to solve complex and unique problems. But those hopes have surely been dashed by the legions who’ve flocked to the site hoping to get access to their significant other’s email account.
In fact, it seems like every task listed on the site is in violation of their Terms and Conditions and Acceptable Use Policy. Sites turning a blind eye to a few ToS infractions is nothing new of course, but then it seems 98% of the posts on your site violate your own rules, you may as well just dump the rules altogether.
After browsing the site for a bit you come to one very obvious conclusion – there’s really nothing to be worried about here.
While a site like this could potentially be a serious threat – for example, to allow a company to find somebody to break into their competitor’s network – the reality is there’s nothing here but social network denizens looking for quick fixes and pranks. Honestly, it’s hard to believe many successful transactions have even been facilitated by this site, given the inane nature of the tasks and the meaningless responses the “hackers” leave.
In truth, it’s sort of sad to see the state Hackers List is in. If would have been refreshing if the mainstream media had been able to look at this site and see a legitimate marketplace for security research, penetration testing, and development. As it stands, Hackers List does nothing but further the negative hacker stereotypes that are already so pervasive.
At least for now, the line between security professionals and criminals is still unfortunately blurred.