Russian hackers amass 1.2 billion emails and passwords


By Andrew Collins
Tuesday, 12 August, 2014


A Russian gang has collected a cache of 1.2 billion unique credentials - pairs of emails and passwords - according to information security firm Hold Security. But there is dissent in the security community about the legitimacy of the report.

Hold Security said last week that it had “discovered what could be arguably the largest data breach known to date”.

The firm said it conducted a seven-month investigation that identified a Russian “cyber gang” currently in possession of the credentials. “While the gang did not have a name, we dubbed it ‘CyberVor’ (‘vor’ meaning ‘thief’ in Russian),” the firm said.

According to the firm, the gang collected over 4.5 billion records, most of which are stolen credentials.

“1.2 billion of these credentials appear to be unique, belonging to over half a billion email addresses. To get such an impressive number of credentials, the CyberVors robbed over 420,000 web and FTP sites,” the firm said.

Hold Security said the gang initially acquired databases of stolen credentials from other hackers on the black market.

“These databases were used to attack email providers, social media and other websites to distribute spam to victims and install malicious redirections on legitimate systems,” the firm wrote.

Then earlier this year, the group altered its approach. “Through the underground black market, the CyberVors got access to data from botnet networks (a large group of virus-infected computers controlled by one criminal system).”

The botnets used victims’ computers to identify SQL vulnerabilities on the sites that victims visited, effectively conducting “possibly the largest security audit ever”, the firm said. The gang then used these vulnerabilities to steal data from these sites’ databases, mostly focusing on stealing credentials, and “eventually ending up with the largest cache of stolen personal information, totalling over 1.2 billion unique sets of emails and passwords”.

The affected

The gang cast a wide net, targeting “every site that their victims visited”, Hold Security said. The list of the affected therefore includes “many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites”.

According to the company’s website, Hold Security was founded by Alex Holden, who it says “worked for over 10 years as the Chief Information Security Officer for a large brokerage firm in the United States”.

Holden is quoted in the NYT as saying that “most of these sites are still vulnerable”.

NYT also engaged an unnamed security expert - one unaffiliated with Hold Security - to analyse the database of stolen credentials and confirm that it was authentic.

The paper reported that the gang has so far not sold many of the records online, instead using the stolen data to send spam on social networks on behalf of others, for a fee.

According to the paper, the gang is based in a small city in south central Russia and comprises fewer than a dozen men in their 20s.

How real is this?

Some in the infosec community have questioned the legitimacy of Hold’s claims.

David Emm, senior researcher with security firm Kaspersky, told the Guardian: “Nothing has been released by an established security company - I personally haven’t come across Hold Security before - and we’ve had no information on the companies affected, or whether they’re still vulnerable. There’s just what seems to me to be a pretty vague claim of the largest security breach to date.”

However, Brian Krebs of KrebsOnSecurity.com vouched for both Holden and Hold Security’s report.

“I’ve known Hold Security’s founder Alex Holden for nearly seven years. Alex is a talented and tireless researcher, as well as a forthright and honest guy. His research has been central to several of my big scoops over the past year, including the breach at Adobe that exposed tens of millions of customer records,” Krebs wrote.

“I have seen his research and data firsthand and can say it’s definitely for real,” Krebs continued.

Hold Security’s website lists Krebs as a ‘Special Advisor’ to the firm.

Image courtesy Zodman under CC
