A computer running inside the corporate network of Cisco Systems is one of about 17,000 machines that is being rented out to online miscreants looking to get a foothold inside Fortune 500 companies, according to a published report.
The Windows Server 2003 system uses Microsoft's Remote Desktop Protocol so it can be remotely accessed by anyone with the login credentials. It's listed on Dedicatexpress.com, a service that allows anyone in the world to access hacked computers at specific organizations, KrebsonSecurity reported. Remarkably, the username for the box is "Cisco" and the corresponding password is—you guessed it—"Cisco."
"Businesses often turn on RDP for server and desktop systems that they wish to use remotely, but if they do so using a username and password that is easily guessed, those systems will soon wind up for sale on services like this one," reporter Brian Krebs wrote.
A contact on Cisco's security team confirmed to Krebs the hacked RDP server was inside of the networking giant's network. The unidentified source described it as a "bad lab machine" but declined to be more specific. Dedicatexpress allows people to log into computers for as little as $4.55. The article doesn't say what people who use the service do once they've accessed a computer. One possibility is using it as an anonymity service. Attackers might also want to capitalize on the trustworthy reputation some corporate computers enjoy among spam and malware scanning providers.
It would appear the compromised Cisco machine may already have been used maliciously because its reputation was already shot.
"I ran a check on the Cisco box and found that it had already been blacklisted by 10 out of 15 popular services that track malicious activity online, such as spam and malware hosting," Krebs wrote. "Not to worry, though: The service’s operators assure buyers that 'if you have any problems with the remote server you have just purchased, you will always be able to file a ticket with technical support and we will be happy to assist you.'"