U.S. cybersecurity experts confirmed that a gang of Russian hackers has stolen more than 1.2 billion usernames, passwords and email addresses, but the theft is only the most recent online infiltration to originate in Russia.
The largest-known subversion of log-in credentials and emails was discovered by Hold Security LLC, a security company based in Milwaukee, Wisconsin, and confirmed by secondary, independent firms. The New York Times first reported the breach on Tuesday. The theft comes as hundreds of computer security professionals descend on Las Vegas for Black Hat, a major computer-security conference.
Alex Holden, founder and chief information security officer for Hold Security, said at least 420,000 websites were affected. Holden said his own credentials are among the compromised data, but he wouldn't identify the gang or its victims, which ranged from the auto industry to hotels. The cyber gang targeted SQL databases, he said.
"It is absolutely the largest breach we've ever encountered," Holden said late Tuesday.
He said that his investigators have been monitoring the gang for seven months. “We thought at first they were run-of-the-mill spammers, but they got very good at stealing these databases,” he said. “The perpetrators are in Russia, so not much can be done. These people are outside the law.”
During the 2013 holiday shopping season, Target Corp. (NYSE:TGT), of Minneapolis, Minnesota, disclosed that cybercriminals were able to remotely access the credit card numbers and other personal information of up to 110 million Target customers. A 17-year-old Russian national from St. Petersburg was initially identified as the creator of the malicious software, known as BlackPOS.
Andrew Komarov, CEO of cybersecurity firm IntelCrawler, posed as a cybercriminal in order to chat online with the teenager, announcing in a blog post that the 17-year-old has “sold more than 40 builds of BlackPOS to cybercriminals from Eastern Europe and other countries.”
Both incidents come after the U.S. National Security Agency concluded that Russia’s official spy agency was able to enter the Nasdaq stock market’s critical computer infrastructure in October 2010. The plot, first reported by Bloomberg Businessweek, wasn’t an attempt to destroy the Nasdaq, or even steal information, but was intended to clone the Nasdaq, either as a means of incorporating U.S. financial technology into the Russian system directly, or using the Nasdaq model as a guide.
The incident sparked an investigation involving the National Security Agency, the FBI, the CIA, the Department of Defense, the Department of Homeland Security as well as the Department of the Treasury.
“We’ve seen a nation-state gain access to at least one of our stock exchanges, I’ll put it that way, and it’s not crystal clear what their final objective is,” House Intelligence Committee Chairman Mike Rogers, a Republican from Michigan, told Bloomberg in July. “The bad news of that equation is, I’m not sure you will really know until that final trigger is pulled. And you never want to get to that.”