Security group Imperva accidentally came across a hacker’s offer, posted in an underground black-market forum, to sell access to a US Army Communications Electronics Command (CECOM) website.
Imperva said the hacker claims to control websites that include military, university and government sites. The hacker is charging between $33 and $499 for a complete administrator takeover of a site, depending on which website the buyer wants. Additionally, the hacker is charging $20 per thousand records for databases of personal information stolen from the websites, which black hats can use to break into online user accounts. Imperva saw administrative privileges for 16 sites for sale, which included 300,000 people’s user accounts.
How the hacker is doing this is open for debate, but Imperva says the most common way would be through SQL injection. Hackers look for poorly written web pages, especially those with search boxes or data entry forms tied into a backend database.
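An added example, not from Imperva or the original article: a search box tied to a backend database, written first with string concatenation and then with a bound parameter, so the difference can be tested. The table, function names and sample input are constructed for illustration and use Python's built-in sqlite3.

```python
import sqlite3

# Constructed input: a search term containing a quote character.
QUOTED_TERM = "' OR name LIKE '"

def make_db():
    """Constructed sample data standing in for a site's backend database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (name TEXT, hidden INTEGER)")
    db.executemany(
        "INSERT INTO items VALUES (?, ?)",
        [("router", 0), ("radio", 0), ("internal-notes", 1)],
    )
    return db

def search_vulnerable(db, term):
    # Weak pattern: the search term is concatenated into the SQL text, so a
    # quote in the term closes the string literal and the rest is parsed as
    # SQL, which can cancel the "hidden = 0" restriction.
    sql = ("SELECT name FROM items WHERE hidden = 0 "
           "AND name LIKE '%" + term + "%'")
    return sorted(row[0] for row in db.execute(sql))

def search_safe(db, term):
    # Hardened pattern: the term is bound as a parameter and is never parsed
    # as SQL. LIKE wildcards typed by the user are escaped so they only
    # match themselves.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT name FROM items WHERE hidden = 0 "
           "AND name LIKE ? ESCAPE '\\'")
    return sorted(row[0] for row in db.execute(sql, ("%" + esc + "%",)))

if __name__ == "__main__":
    db = make_db()
    print("normal search:      ", search_safe(db, "ra"))
    print("vulnerable + quote: ", search_vulnerable(db, QUOTED_TERM))
    print("parameterized + quote:", search_safe(db, QUOTED_TERM))
```

A code review or test suite can use the same check: feed a quote-bearing term to every search and form handler and confirm the result set never grows beyond what a normal query may return.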
KitGuru says: In the past, Albert Gonzalez, a well-known hacker, used SQL to break into 7-Eleven and Heartland Payment Systems.