1(630)802-8605 Ravi.das@bn-inc.net

Some time ago, I believe on a weekend, I wrote about the Dark Web, and how it can be accessed.  I intend to continue writing about that topic, and in fact, I believe that my next focus will be is on how to surf the Dark Web safely (if there is even such a thing).  Remember the Dark Web is deemed to be by many, and especially law enforcement officials at the Federal level (especially the Secret Service and the FBI) to be the underworld of the Internet.

For the most part it is, but it can also possibly serve some useful purposes as well (I still have to qualify this, so this is my disclaimer here).  Lots of things happen on the Dark Web, and today, I have discovered one more new illegal kind of activity that is happening:  Selling direct access points to government and other related agencies.

How is this done?  Of course, the Cyber attackers are selling you the usernames and passwords which were harvested in an attack, but they were done using a slightly different approach than most hacks.  They used what is known as the “Remote Desktop Protocol” from Microsoft.  What is it exactly?  Here is a definition of it:

“ It is a Microsoft protocol designed to facilitate application data transfer security and encryption between client users, devices and a virtual network server. It enables a remote user to add a graphical interface to the desktop of another computer.”

(SOURCE:  https://www.techopedia.com/definition/3422/remote-desktop-protocol-rdp)

This is of course the techie definition of it.  Long story made short, the RDP is just another way in which you can log into a remote computer and see the exact same desktop, but from many miles away.  It’s like accessing your work computer remotely and seeing the exact same desktop at home as you would at work.  Or do you remember that software package called “PC Anywhere”?  Same purpose also.

The RDP can be found on Windows 10 for sure, and I believe even maybe going as far back as Windows 7.  It can be a pain to get set up, and it does take some time and know how.  I have actually configured some RDP’s myself, but not without the sweat and tears that went with it.

So, to make life easier, the Cyber attacker is now selling already preconfigured RDPs, which contains the username and password.  So if you are interested, all you have to is just buy this package, and log in to the hacked into government agency.  The best news of this (and I am not condoning this by any means):  It’s cheap, in fact, dirt cheap:  You can get this for only $10.00

Alarmingly, the Cyber security researchers (at McAfee) also located shops selling RDP access to government systems all over the world. Many of these RDP connections are linked to healthcare organizations, including hospitals, nursing homes and medical equipment suppliers.  They also discovered various RDP configurations that are associated with several municipalities which include housing associations, and health care institutions based in the Netherlands.

For some tidbits, apparently the second largest RDP shop is known as “BlackPass”, which sells RDP access into computers, social security numbers, credit card numbers,  and other sensitive data to set up loans or open up bank accounts.

You may be wondering why the Cyber attacker is all of a sudden so head over heels in love with the RDP? There are four main reasons why:

*It allows the Cyber attacker to gain access over the entire computer, and I mean everything.  As a result, the RDP can also be leveraged to conduct other Cyber crimes, including identity theft, credit card fraud, etc.

*It allows for the Cyber attacker to mask their presence and malicious activities on a victim’s system (this is news to me actually);

*It allows for Ransomware to be deployed without having to use techniques such as phishing or use exploit kits. The best example of this:  the SamSam Cyber attack group spent only $10 dollars to get access to a victim’s computer via RDP and have charged $40K ransom for the decryption files.

So, what can be done to protect yourself, if you ever find you have to use RDP?  Well, there is not really too much that you can do.  RDP is what is known as a closed source, proprietary protocol developed and created exclusively by Microsoft.  Thus, it is on them to make it more secure and safe. But, what you can do is if you need to make use of RDP, make sure that you have some sort of encryption software  package installed onto your computer as well, such as SSH or even PuTTY.

Here is a listing of some affordable packages:

https://www.pcmag.com/article/347066/the-best-encryption-software-of-2016

I also found this article to be amongst the best in how to make your RDP connection more secure:

https://searchsecurity.techtarget.com/tip/Remote-Desktop-Protocol-security-How-to-secure-RDP-network-endpoints