FBI seeks hacker after 1.2 billion logins are stolen

[CtW]

Source: http://www.bbc.com/news/technology-34920557

 

 

The FBI has linked a hacker to the theft of 1.2 billion internet credentials - the largest heist of its kind.

 

A hacker known as "mr.grey" is named in court documents filed by the bureau last year, according to the Reuters news agency.

 

The hacker was linked to the stolen logins via a Russian email address.

 

Previously, "mr.grey" had advertised the credentials to Facebook and Twitter accounts for sale online.

 

It was the American cyber security firm Hold Security that initially reported the theft of the credentials and an additional 500 million email addresses last year.

 

The Russian crime ring responsible for stealing the data - dubbed CyberVor - had breached more than 420,000 websites, according to Hold Security.

 

In August, the firm said, "To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totalling over 1.2 billion unique sets of e-mails and passwords."

 

Hold Security then began marketing a "breach notification service" to users concerned that their details had been affected, for $120 (£71) per month.

 

Whatever the identity of the perpetrator behind the CyberVor breach, the method used was something of a departure from how botnets - large networks of computers linked together maliciously - are usually used, according to Dave Palmer, director of technology at security firm Darktrace.

 

"What's interesting about this is botnets are usually used to harness their massive scale to attack an individual target - like taking computer games consoles down last Christmas for example," he told the BBC.

 

"It's instead been used as a massive scanner scanning websites all around the world for weaknesses."

 

Mr Palmer added that the vulnerabilities which allowed computers to be drafted into such botnets as well as the flaws in websites which meant login details could be hacked were preventable.

 

"We're still getting caught out by these attacks," he said.

Holy crap that is a ton of user info. I really hope I'm not affected by this although that seems unlikely. It would be helpful to know which sites were hit, but given the sheer amount of credentials and affected sites, its likely many of the sites i and other people use are affected. I hope nothing too bad comes of this and that the FBI catches who did this.

[Overkilled]

So?

[Sir Asvald]

Thanks like the whole of India.

[Mastorbinho69]

thats banter 

[DevilishBooster]

I find it crazy that the FBI or CIA don't hire people like him/her. Put those skills towards a moral cause and get paid a good amount of moola, too

They would love to, but the unfortunate truth is that the people like this aren't interested in working for a government at all and, from what I have read, a lot of them truly get enjoyment out of knowing they are doing something malicious.

[AresKrieger]

Stealing info is easy, which is why I don't bank online at all, and have fraud protection on my credit card so I'm not liable

[Ghostay]

Thanks like the whole of India.

Or Russia, US, France, UK, Japan, Germany, Canada, South Korea

 

IIRC that makes 1.2 billion, or with in 100 million.

[Sidiox]

LOL that guy... But its 1.2Billion over how many years... The guy just scanned and scanned for weaknesses... This is exactly why passwords should always be encrypted in a strong way when stored on a server

[DevilishBooster]

Yeah, you're probably right. I bet they enjoy the thrill and attention they receive after doing stuff like this.

 

Still a shame though.

I know right? Like, imagine what you could accomplish in computer tech/OS/program advancements if you could take say the top 10 hackers in the world and have them work together for just one year!

 

I hate humans. Like so much. People can be cool, but humans are fucking assholes. I wish we would be visited by aliens so that we could finally move past all the stupid petty differences in the world and actually move forward together towards a common "man-kind" goal. Kinda like in Star Trek. :unsure:

[Noctus]

I know right? Like, imagine what you could accomplish in computer tech/OS/program advancements if you could take say the top 10 hackers in the world and have them work together for just one year!

 

I hate humans. Like so much. People can be cool, but humans are fucking assholes. I wish we would be visited by aliens so that we could finally move past all the stupid petty differences in the world and actually move forward together towards a common "man-kind" goal. Kinda like in Star Trek. :unsure:

 

 

The is the most glorious solution to ending international issues that I have ever read. We should be funding this

 

You seriously think the governments would set them to work on that (or anything like that?)? More like put to use for military applications. Immediate gratification rather than long term world goals (unless it involves money making) is the mandate of most governments.

[DevilishBooster]

You seriously think the governments would set them to work on that (or anything like that?)? More like put to use for military applications. Immediate gratification rather than long term world goals (unless it involves money making) is the mandate of most governments.

Like a said, humans are fucking ass-holes....

[Jerakl]

I like how the security firm started a service to protect the credentials whatever after it happened.

 

Shady af.

[Noctus]

I like how the security firm started a service to protect the credentials whatever after it happened.

 

Shady af.

Security Firm:

 

*hires hacker to steal shit

*hacker sells stolen shit for mega profits

*security firm gets a cut

*security firm creates "service" to protect things like this happening

*sells licenses to everyone ensuring they make more money

 

Wouldn't be surprised if this is how it happened lol.

[Jerakl]

Security Firm:

 

*hires hacker to steal shit

*hacker sells stolen shit for mega profits

*security firm gets a cut

*security firm creates "service" to protect things like this happening

*sells licenses to everyone ensuring they make more money

 

Wouldn't be surprised if this is how it happened lol.

 

Precisely my thinking

[captain cactus]

I read that as 1.2 million first and then realized I needed to get my eyes checked.

[Fetzie]

I find it crazy that the FBI or CIA don't hire people like him/her. Put those skills towards a moral cause and get paid a good amount of moola, too

They do, when they find them. But you've got to catch them first.

[Swndlr]

I find it crazy that the FBI or CIA don't hire people like him/her. Put those skills towards a moral cause and get paid a good amount of moola, too

These types of people usually have a reason to go against the government and public society.

[Blade of Grass]

LOL that guy... But its 1.2Billion over how many years... The guy just scanned and scanned for weaknesses... This is exactly why passwords should always be encrypted in a strong way when stored on a server

Passwords shouldn't be encrypted though, because that allows the attacker to decrypt every password by stealing the encryption key.

Instead they should be hashed (think of it like irreversible encryption).

[Sidiox]

Passwords shouldn't be encrypted though, because that allows the attacker to decrypt every password by stealing the encryption key.

Instead they should be hashed (think of it like irreversible encryption).

Well yeah that is what I meant ofc

[Overkilled]

I find it crazy that the FBI or CIA don't hire people like him/her. Put those skills towards a moral cause and get paid a good amount of moola, too

if I read correctly it was emails and passwords not necessarily bank accounts

[MDPS]

I...just...that picture. Why would you want your mouse directly in front of your monitor in dead center?

[Overkilled]

Well, IIRC, all you need is an email and password to sign into online checking accounts.

yeah I know what I meant want it wasn't necessarily the passwords to 1.2 billion bank accounts, it be a fair bet to say a decent percentage of the 1.2 billion are kids

[Prysin]

I find it crazy that the FBI or CIA don't hire people like him/her. Put those skills towards a moral cause and get paid a good amount of moola, too

they do...

 

generally these people get two choices...

Work or guantanamo (or whatever equivalent FBI/CIA has hidden somewhere else that the media doesnt know about yet)

[Blade of Grass]

Well yeah that is what I meant ofc

I know, it was more for other people reading the thread and don't

[Matacks]

Best thing it to change your passwords a lot.