Hack-for-hire operations are services that provide clients with illicit access to information by infiltrating digital systems or networks, typically for a fee. This form of hacking on demand has seen a surge in popularity over recent years, with the trend being attributed to advancements in technology, growing digital connectivity, and increasing demand for corporate espionage and personal data breaches.[1]
The concept of hack-for-hire services can be traced back to the early years of the internet, when hackers were contracted for a variety of reasons, such as to perform penetration tests which was considered "ethical hacking"[2] . Over time, however, the scope of these operations expanded to include illegal activities, like industrial espionage, personal data breaches, and illicit political interference.[3]
Hack-for-hire operations typically involve a client who pays a hacker or a group of hackers to infiltrate a specified digital system or network to gather information. The services offered by these hackers can range from simple password cracking to sophisticated techniques such as phishing, ransomware attacks, or advanced persistent threats (APTs).[4]
Hack-for-hire operations often utilize the dark web, an encrypted part of the internet that is not indexed by traditional search engines, to advertise their services and connect with potential clients. Transactions are typically made using cryptocurrencies to maintain anonymity.[5]
Hack-for-hire services are typically considered illegal, as they involve unauthorized access to private digital systems and computer networks. They are generally punishable under the computer crime laws of many countries, including the Computer Fraud and Abuse Act (CFAA) in the United States and the Computer Misuse Act in the United Kingdom.[6] [7]
In 2023, an extensive Reuters investigation revealed a massive scheme of hack-for-hire operations, uncovering several groups operating globally. The investigative report showed the complex and sophisticated nature of such operations, which often involved multiple layers of hackers subcontracting work to maintain anonymity and evade legal repercussions.[8]
The London-based National Cyber Security Centre (NCSC) said in a report published on June 22 2023 that it was increasingly seeing "hackers-for-hire" brought in "to gain the upper hand in business dealings or legal disputes."[9]
Several high-profile hack-for-hire operations have made headlines in recent years: