Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Russian “cyber” criminals gather 1.2 billion user ID/password combinations

Options
  • 06-08-2014 1:35pm
    #1
    Impetus
    Registered Users Posts: 1,667 ✭✭✭


    http://www.holdsecurity.com has announced the discovery of a security breach involving 500 million email addresses and the same passwords are being used to access multiple websites in many cases. The gang is believed to be about a dozen people in their early 20s who live in the same town in Russia and know each other personally (rather than being “Facebook friends”).

    Botnets gather the passwords, which one suspects are being sold on the black market for lots of $$$. A big volume business opportunity for them - one suspects that in the place where these people are based there is little else to do.

    http://www.faz.net/aktuell/wirtschaft/netzwirtschaft/netzkriminalitaet-gigantischer-passwort-klau-aufgedeckt-13083646.html


Comments

  • Options
    #2
    Khannie
    Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    New york times article.


  • Options
    #3
    LoLth
    Moderators, Technology & Internet Moderators Posts: 10,339 Mod ✭✭✭✭LoLth


    hmmm SQL injections attacks.... large companies....really?

    not too thrilled at the hold fast security company offering to check if a company was affected for a fee. that's a bit too far down the mercenary path for my liking. Also, do they have the DB? Did they catch those responsible?

    It is also a bit irresponsible of them to know for seven months that there was a botnet operating and not inform anti-malware companies or any large organisations with public trust that may have been spreading it.

    all a bit vague and the ceo of the company looks too posery for my liking. (look! I has multiple laptops and monitors! sooo many that I cannot move the mouse on my desk properly!). If I had a spidey sense it would be tingling right about now....


  • Options
    #4
    Impetus
    Registered Users Posts: 1,667 ✭✭✭Impetus


    When I first read the story it smelled of a publicity stunt to promote a "security product" that was not yet ready for market. But when I considered the issue of the alleged gang living in a remote part of Russia, where perhaps the word spread of an easy-money lark to exploit, and the lack of "security co-operation" between RU and the "west", I moved to think that perhaps there was no smoke without fire.

    Knowing what "idiots" the vast majority of computer users are (in terms of using the same password over and over, and clicking on links received from email and not having up to the minute flash installed etc etc) added to this feeling.

    And the rubbishy condition of the typical software package. Microsoft Outlook 13 has many of the defects one might have found a decade ago in 2003. After a Microsoft update about a month ago, my Outlook 2013 stopped checking the server for new email. After a few weeks it fixed itself. Which smells like negligently written code. While these are superficial matters, I don't believe that the stuff under the hood is any better in terms of security vulnerabilities. The contrary.


  • Options
    #5
    Rucking_Fetard
    Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Khannie wrote: »
    New york times article.
    So far, the criminals have not sold many of the records online. Instead, they appear to be using the stolen information to send spam on social networks like Twitter at the behest of other groups, collecting fees for their work.
    The whole story had an air of Bullsh1t to me. That bit in particular.
    LoLth wrote: »

    all a bit vague
    The Russian 'hack of the century' doesn't add up

    Nice little summary.


  • Options
    #6
    timmywex
    Registered Users Posts: 2,626 ✭✭✭timmywex


    Was skeptical, now someone dug a bit deeper!

    http://www.youarenotpayingattention.com/2014/08/08/the-lie-behind-1-2-billion-stolen-passwords/


  • Advertisement
  • Options
    #7
    Rucking_Fetard
    Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    timmywex wrote: »
    Was skeptical, now someone dug a bit deeper!

    http://www.youarenotpayingattention.com/2014/08/08/the-lie-behind-1-2-billion-stolen-passwords/
    Yea, yer man kerbs did himself no favours pimping Holden in his blog earlier in the week, he had to edit the Article after he was outed as Special Advisory/Best Bud.

    Getting a good slagging all week.


  • Options
    #8
    industrialhorse
    Registered Users Posts: 203 ✭✭industrialhorse


    I think it is really easy to be misled in the world of information security. When this story broke earlier in the week, I flipped and got onto my boss telling him there is no need to panic, but it's best that we panic anyway. By friday I had to go to my boss again after seeing an article on PC World website which rightly asked questions about this supposed breach.

    What I have learned from this debacle so far? that there is a hell of a lot of learning ahead for me in years to come and this learning curve will probably never see the end in sight:)


  • Options
    #9
    Rucking_Fetard
    Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Gang behind '1.2 billion' megahack ransack is pwning our customers – hosting firm


  • Options
    #10
    LoLth
    Moderators, Technology & Internet Moderators Posts: 10,339 Mod ✭✭✭✭LoLth


    Rucking_Fetard wrote: »
    Gang behind '1.2 billion' megahack ransack is pwning our customers – hosting firm

    wait....so some unknown entity is using a bot to systematically knock on legitimate users' doors and is succeeding sometimes.

    And, because it couldn't be data from Namecheap's database (really? not an old copy that got leaked or maybe a backup tape that went missing form offsite storage or recovered from a server hard drive flogged on ebay?, which would explain why only some credentials are working, others have been changed since),

    and its definitely not password information obtained from one of the many recent large corporate hacks (like Adobe mentioned) and re-used in namecheap, because namecheap KNOW for a fact that none of their customers use any other service that requires user/pass combos and even if they do, they definitely don't re-use then on namecheap...oh wait....

    it *has* to be CyberVor the biggest most evilest, hackiest RUSSIAN threat out there that was reported in a storm of publicity based on very little actual evidence or verifiable proof beyond the word of a security consultancy that offered to charge people to check if they had been affected......

    this is all so vague and bandwagon that imho, its doing more harm that good because its becoming the boy who cried wolf or at the least a lame attempt to shift focus... "Johnny! did you eat that chocolate?" "No! honest! it was...ehhhh....the chocolate monster, well known for eating any chocolate left unprotected... I didn't see it but someone once said it existed and the proof is there where your chocolate used to be! No chocolate = chocolate monster attack!"

    maybe I'm wrong and I'm being all cynical and jaded for nothing...


  • Options
    #11
    LoLth
    Moderators, Technology & Internet Moderators Posts: 10,339 Mod ✭✭✭✭LoLth


    dammit...now I want chocolate....


  • Advertisement
Advertisement