Hacked government and defense domains are being sold by cyber crooks at relatively acceptable prices. .gov, .mil and .edu domains in the United States and Europe can be sold to interested parties for a price between $55 and $499 each. Besides, the hacker also sells admin login credentials to hacked sites and looted personal data from compromised sites.

Imperva, a database security company, who released an advisory last week after encountering the illegal data trading, says that SQL injection vulnerabilities are the root cause of the security problems affecting the sites up for sale. The security firm believes that the miscreant behind the sale used a scanner to search for vulnerabilities he knew how to exploit using automated tools.

While the scenario is quite plausible it is not proven. Indeed, screenshots posted by the hacker show access to the admin interface for the University of Connecticut, but the list of domains on offer includes several typos, which raises doubts about whether what is on offer is the real deal or a scam directed at fleecing cybercrooks themselves.