icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
5 Aug, 2014 20:57

Russian cybergang accused of accumulating most stolen web credentials ever

Russian cybergang accused of accumulating most stolen web credentials ever

A Wisconsin-based security firm says that a gang of Russian cybercriminals is responsible for accumulating more stolen internet credentials than ever previously reported, according to the New York Times.

The paper reported on Tuesday that Hold Security of Milwaukee believes that 1.2 billion username and password combinations, as well as over 500 million email addresses, have been compromised by a group of hackers working closely together out of a small city in south central Russia.

Alex Holden, Hold Security’s founder and chief information security officer, told journalists at the Times that the stolen records were lifted by the hackers from around 42,000 websites from all realms of the web.

Hackers did not just target US companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Holden told the Times. “And most of these sites are still vulnerable.”

Yet even after other recent security breaches have spawned calls from both the public and political spheres for increased protection on the web, the Times reported that the latest discovery spotted by Holden’s crew “dwarfs those incidents,” including last year’s high-profile hack of retailer Target and the subsequent stealing of roughly 40 million credit card numbers and other sensitive data.

Holden told the paper that his team has begun the process of alerting victims of the breach, but said “Most of these sites are still vulnerable” when he spoke to journalists at the Times ahead of the Tuesday article.

Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic,” Nicole Perlroth and David Gelles wrote for the Times. “Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information.”

According to Holden, the operation is spearheaded by a group of roughly a dozen hackers in their 20s who first made a splash by buying stolen data off the black market, but then began to work with another, unnamed hacking collective, he believes, this past April.

There is a division of labor within the gang,” Holden told the paper. “Some are writing the programming, some are stealing the data. It’s like you would imagine a small company; everyone is trying to make a living.”

According to the Hold Security founder, no nexus has been identified linking the hackers to the Russian government. Earlier this year, however, the US Department of Justice indicted several Chinese individuals accused of committing computer intrusions on behalf of the nation’s People Liberation Army, and later acknowledged that authorities were aiming to take down cybercriminals in Russia as well. Then last month, the 30-year-old son of a Russian MP was apprehended by US authorities abroad and charged with stealing and selling US citizens’ credit card data between 2009 and 2011.