
infoTECH Feature

August 06, 2014

CyberVor: The Russian Gang Responsible for Stealing 1.2 Billion Online Credentials

Although the name is not official, the company that discovered the breach, Hold Security, named the Russian cyber gang responsible CyberVor (“vor” meaning “thief” in Russian). The company revealed that the gang has amassed more than 4.5 billion stolen records, which reduce to 1.2 billion unique username/password pairs covering more than half a billion unique email addresses.

Hold Security was able to identify the gang after seven months of research. The gang did not start out breaking into sites itself: it bought databases of stolen credentials, covering more than 420,000 web and FTP sites, from other hackers on the black market. Once it had working credentials, it used them to attack email providers, social media and other websites, distributing spam to victims and installing malicious redirections on legitimate systems.

According to Hold Security, the gang changed its approach earlier this year and turned to botnets as a new way to find targets and harvest data. A botnet is a collection of compromised PCs that hackers control remotely and use to launch a variety of attacks, including distributed denial of service (DDoS).

With the botnets under their control, the gang used the compromised machines to probe every site their victims visited for SQL injection vulnerabilities; more than 400,000 sites were found to be vulnerable to SQL injection flaws alone. An SQL injection is an attack in which attacker-controlled input is inserted into strings that the application later concatenates into an SQL statement and passes to the database server for parsing and execution. The server will execute any syntactically valid query it receives and has no way to tell an injected clause from one the application intended. The standard defense is the parameterized query, which sends user input to the server as bound data rather than as part of the statement text; the residual risk lies in code that accepts a parameter and then splices it into dynamic SQL anyway, for example inside a stored procedure, which a skilled attacker can still exploit.
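To make the mechanism concrete, here is an added example (not from Hold Security or the original article) that builds a throwaway in-memory SQLite database with two constructed accounts, then runs the same login query both ways: once with the input spliced into the statement text, once with bound parameters. The table name, column names and payload strings are illustrative assumptions; the payloads are the classic tautology and UNION forms that let an attacker first bypass authentication and then pull every stored credential out of the table, which is exactly the kind of harvesting the article describes.

```python
import sqlite3

# Constructed sample data (not from any real breach): a toy users table.
SEED_USERS = [
    ("alice", "hunter2", "alice@example.com"),
    ("bob", "correct horse", "bob@example.com"),
]

# Payloads an attacker would submit in the username field.
TAUTOLOGY = "' OR '1'='1"                                      # turns WHERE into always-true
UNION_DUMP = "' UNION SELECT username, password FROM users --"  # appends a credential dump


def make_db():
    """Create an in-memory database seeded with SEED_USERS (plaintext, as many breached sites stored them)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SEED_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting: user input becomes part of the SQL text."""
    sql = (
        "SELECT username, email FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Same query with bound parameters: the input is sent as data and is never parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("legit, vulnerable:", login_vulnerable(db, "alice", "hunter2"))
    print("legit, safe:      ", login_safe(db, "alice", "hunter2"))
    # Authentication bypass: every row matches the injected WHERE clause.
    print("tautology, vulnerable:", login_vulnerable(db, TAUTOLOGY, TAUTOLOGY))
    print("tautology, safe:      ", login_safe(db, TAUTOLOGY, TAUTOLOGY))
    # Credential harvesting: the UNION returns username/password pairs instead of username/email.
    print("union, vulnerable:", login_vulnerable(db, UNION_DUMP, "x"))
    print("union, safe:      ", login_safe(db, UNION_DUMP, "x"))
```

With the same two payloads, `login_safe` returns no rows at all: the quote and the `UNION` arrive as literal characters inside a bound string, so there is nothing for the parser to execute. The only way to reintroduce the flaw is to take that bound value and concatenate it into a new statement, which is the dynamic-SQL case the paragraph above warns about.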

After all this effort, all CyberVor had to do was exploit the vulnerabilities it had found and steal the data from the sites' databases. The company said that, to the best of its knowledge, "They mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information."

Although the process required a lot of effort and precision, the gang was not selective about whose data it stole. Everyone was fair game, with the sites of small and large companies targeted equally. Hold Security has revealed that the compromised sites include industry leaders across all sectors, small organizations and even personal websites.

The 4.5 billion figure is a count of stolen records, not of victims. Many records were duplicates, and many people have more than one email address or other account, so deduplication brings it down to 1.2 billion unique username/password pairs covering more than half a billion unique email addresses. Since the gang cast such a wide net, many of the emails and passwords it stole could belong to accounts that have since been closed, were fake, or have had their passwords changed. But with the sheer number of accounts compromised, the odds are high that the gang gained access to many live systems and accounts. With each breach costing more money to clean up, spending resources on prevention is much cheaper.

A study conducted by the Ponemon Institute and sponsored by IBM, titled "2014 Cost of Data Breach: Global Analysis", found that the average cost to a company of a breach has risen 15 percent in a year, from $3.1 million to $3.5 million.

In the study, Ponemon said, "As a preventive measure, companies should consider having an incident response and crisis management plan in place. Efficient response to the breach and containment of the damage has been shown to reduce the cost of breach significantly. Other measures include having a CISO in charge and involving the company’s business continuity management team in dealing with the breach."

This incident has highlighted the limits of the static password technology that the vast majority of individuals and organizations still rely on. While the security needs of people and businesses vary greatly, it is nevertheless extremely important to ensure you are using the best available technology to protect your digital assets. The options include physical hardware tokens, biometrics, single sign-on (SSO) backed by a strong identity provider, time-synchronized one-time passwords and many others.

An important point to remember about criminal hackers is that they go after targets that make their jobs easy. If you are using an algorithm-based one-time password, any code an attacker captures or cracks expires within a short time window, so the effort is spent on a value that is already useless. Make it harder for them and you will be much safer than the person who is still using “password1”.

Edited by Adam Brandt
