Psssst: Wanna Buy a Used Spy Website?

0
Kevin Poulsen

The names suggest a parade of a C-list websites. There was NewJunk4U.com and Monster-Ads.net, CoffeeHausBlog.com and SuddenPlot.com. But, these sad-sounding domains actually were artful creations of the National Security Agency: They were fronts for distributing and controlling government malware around the world.

Psssst Wanna Buy a Used Spy Website

Those domains and 109 others came to light last month as part of the “Equation Group” report from anti-virus vendor Kaspersky. Researchers at Kaspersky identified 300 such domains, and published 113 of them.

The NSA’s malware domains always have been a closely guarded secret—it’s the kind of direct, actionable information that can expose even old cyber espionage operations. Now the agency is in an awkward position: What should it do with these domains now that their covers have been blown? The domains were chosen to look legitimate, which means the US government is effectively cyber squatting on a sizable portfolio of names like newjunk4u.com and businessdealsblog.com that are no longer useful for espionage, but potentially valuable for business.

What the Market Will Bear

How much would those domains be worth if the NSA liquidated them in a public auction, like any other disused government property? I gave the list to a veteran domain name broker, Sedo’s Dave Evanson, who’s been making deals since the domain-speculation salad days of the 1990s.

Evanson specializes in blue chip domains like mm.com, which he sold for a tidy $1.2 million last year, so at first glance he isn’t impressed with the NSA’s portfolio—the spy agency used a lot of fake download sites, ad networks, and notional technology blogs in its espionage. “Not going to have a lot of appeal to Joe or Mary Sixpack,” he grumbles.

But as he studies the list, he starts spotting domains with some resell potential. TechnicalConsumerReports.com, once used as an infection platform for NSA malware, might be worth something to a technology news outlet. “That name will most likely go for a few thousands dollars, and maybe as high as 10 or 15,” he says. The name xLiveHost.com, formerly a command-and-control server for the NSA’s most sophisticated known malware suite, EquationDrug, would make a good porn site today. “I would rather have been selling it 15 years ago than now. But it’s got value, maybe five to seven grand… Sex.com, we sold that for 13 million.”

Leave a Reply

© 2015 Pakalert Press. All rights reserved.