Russian Cyberthieves Steal 1.2B Passwords
LAS VEGAS - Security researchers say a Russian crime ring has pulled off the largest known theft of confidential Internet information, including 1.2 billion user name and password combinations and more than 500 million e-mail addresses. The cybergang injected malicious code to steal databases from at least 420,000 websites, says Alex Holden, founder and chief information security officer for Hold Security in Milwaukee. “It is absolutely the largest breach we’ve ever encountered,” Holden said late Tuesday. Most unsettling, he said, was finding his own credentials among the compromised data.
Hold Security cybersleuths have been monitoring the gang for about seven months but only recently realized the magnitude of its operation, Holden said. “We thought at first they were run-of-the-mill spammers,” he said, “but they got very good at stealing these databases.” Holden won’t identify the gang, but he says his investigators know their names and locations. “The perpetrators are in Russia, so not much can be done. These people are outside the law,” he said. Hold Security said it is trying to contact the victims, but most of the websites remain vulnerable. Holden would not identify the victims but said they included the auto industry, real estate, oil companies, consulting firms, car-rental businesses, hotels, computer hardware and software firms and the food industry. The gang targeted SQL databases, Holden said. The New York Times first reported the breach Tuesday.
Word comes as hundreds of the world’s computer security professionals gather here for the Black Hat conference. While the breach appears to be large, it’s still hard to say if it’s the biggest that has ever been discovered, said Marc Maiffret, chief technical officer at BeyondTrust, a Phoenix-based computer security company. “There’s always lots of changes when the dust settles; it takes months to know” how important a breach was, he said. The cache of credentials was created by taking advantage of the two most common types of hacking — attacking websites to gain access to underlying databases, as well as going after individuals and “everyday e-mail,” Maiffret said. “It’s really a perfect storm” of an attack.
Large companies need to acknowledge that modern-day hackers are likely “much better funded than they are,” said security expert Sharon Vardi, who is the chief marketing officer of Securonix. “These guys are really well funded. These are not 16-year-old kids playing around. They are backed by millions of dollars to get the job done,” he said. Describing the breach as “easily five times the size of the Target breach,” Vardi said that most organizations are not set up to defend against these types of attacks. “They are not monitoring anomalies in their networks to detect these breaches quickly,” he said.
Leinwand Leger reported from McLean, Va., Guynn from San Francisco