A few days ago I noticed @HackersList, a service that pitches itself as a way for hackers and potential customers to meet. I tried to like it, truly I did, but the interface is hopelessly insecure.
The site has a polished, unique front end, suggesting that maybe someone has put some money into this.
I tried registering using Tor, which proved to be an exercise in futility. The site is Cloudflare protected and it puts up a captcha not just on initial contact, but it reappears again and again, seemingly almost at random. I give the site a 2/10 would not use if you need to actually protect your location.
I gave in, got one of those free VPN accounts from a provider I don’t use for anything else, fired up a virtual machine, and created a new identity from scratch. I was looking at a job and I found this under the message board option.
The links to the names are not URLs, but you can copy and paste that and see the profiles. Here’s kashiki, who is presumably one of the eight hopefuls for this job.
The links to the content are amenable to outside examination. I can map the hackers, their skills, and which jobs they are bidding on – this is the sort of metadata that leads to the narrowing of suspects, and then arrests shortly thereafter.
A bunch of the jobs posted are for acts which are blatantly criminal – mostly petty stuff: jilted boyfriend wants into ex-girlfriend’s Facebook, change my grades, or ‘password recovery’ gigs. Even so, HackersList is taking a cut and offering refunds for poor service. These people are apparently unaware of Title 18 § 1030 and Title 18 § 2
If you choose to proceed, there is a link, inexplicably named Hacker CP, which leads to the control panel. The acronym CP would be almost universally recognized as ‘child pornography’ by any actual hacker. That cultural misstep, coupled with the utter lack of sensitivity to what ought to not be visible, make this nice deal flowchart moot.
I review a lot of products and I very, very rarely write about something I didn’t like. Usually the most I will do is compare/contrast two or more competitors and suggest niches where each will fit. The only niche I see for @HackersList is as a broker for personal SEO/reputation management, and there are a number of jobs and purveyors of such services already present. The legitimate business will be overshadowed by the potential for civil or criminal troubles to simply take them out of the game on a moment’s notice.