SweX 871 Posted August 7, 2014 Share Posted August 7, 2014 Somewhere in a small city in south central Russia, a group of men in their twenties have got away with what some are describing as one of the biggest cyber-heists in history. The gang, which has been dubbed “CyberVor” (“vor” means “thief” in Russian) by security researchers, is thought to be in possession of the largest known haul of stolen internet credentials – 1.2 billion usernames and passwords, together with 542 million email addresses. And the data has been stolen from some 420,000 different websites. hxxp://www.welivesecurity.com/2014/08/06/cybervor-hacking-gang/ Link to comment Share on other sites More sharing options...
SweX 871 Posted August 7, 2014 Author Share Posted August 7, 2014 The biggest problem, as Forbes's Kashmir Hill and The Wall Street Journal's Danny Yadron have noted, is that Hold Security is already capitalizing on the panic, charging a $120-per-year subscription to anyone who wants to check if their name and password are on the list. Hold says it's just trying to recoup expenses, but there's something unseemly about stoking fears of cybercrime and then asking concerned citizens to pay up. It also gives Hold a clear incentive to lie to reporters about how large and significant the finding is. hxxp://www.theverge.com/2014/8/6/5973729/the-problem-with-the-new-york-times-biggest-hack-ever Link to comment Share on other sites More sharing options...
SweX 871 Posted August 7, 2014 Author Share Posted August 7, 2014 (edited) How did this occur? Initially, the gang acquired databases of stolen credentials from fellow hackers on the black market. These databases were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems. Earlier this year, the hackers altered their approach. Through the underground black market, the CyberVors got access to data from botnet networks (a large group of virus-infected computers controlled by one criminal system). These botnets used victims’ systems to identify SQL vulnerabilities on the sites they visited. The botnet conducted possibly the largest security audit ever. Over 400,000 sites were identified to be potentially vulnerable to SQL injection flaws alone. The CyberVors used these vulnerabilities to steal data from these sites’ databases. To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totaling over 1.2 billion unique sets of e-mails and passwords. And like a coincidence ESS V8 have something for just that... "Botnet protection to detect and block communication of bots if running on computer" Good timing by ESET Edited August 7, 2014 by SweX Link to comment Share on other sites More sharing options...
rugk 397 Posted August 8, 2014 Share Posted August 8, 2014 The biggest problem, as Forbes's Kashmir Hill and The Wall Street Journal's Danny Yadron have noted, is that Hold Security is already capitalizing on the panic, charging a $120-per-year subscription to anyone who wants to check if their name and password are on the list. Hold says it's just trying to recoup expenses, but there's something unseemly about stoking fears of cybercrime and then asking concerned citizens to pay up. It also gives Hold a clear incentive to lie to reporters about how large and significant the finding is. hxxp://www.theverge.com/2014/8/6/5973729/the-problem-with-the-new-york-times-biggest-hack-ever But this currently only affects business users.1 Private users can already register here for free, but only only 30 days long (ca. until 2014-09-06)! 1: Link to site for business users: hxxp://www.holdsecurity.com/services/deep-web-monitoring/bns/ Source: hxxp://www.pcwelt.de/news/Russische_Hacker_erbeuten_1_2_Milliarden_Nutzernamen_und_Passwoerter-Groesster_Datendiebstahl_aller_Zeiten-8845314.html (German) automatic translation by Bing Translator Link to comment Share on other sites More sharing options...
SweX 871 Posted August 8, 2014 Author Share Posted August 8, 2014 Yes but I don't want to register anywhere. I wait until a list popups somewhere wich it will sooner or later. Link to comment Share on other sites More sharing options...
rugk 397 Posted August 8, 2014 Share Posted August 8, 2014 (edited) I wait until a list popups somewhere wich it will sooner or later. If you are a visitor of such sites , where this list can "popup"... And if maybe it won't be complete. Edited August 8, 2014 by rugk Link to comment Share on other sites More sharing options...
SweX 871 Posted August 8, 2014 Author Share Posted August 8, 2014 I wait until a list popups somewhere wich it will sooner or later. If you are a visitor of such sites , where this list can "popup"... And if maybe it won't be complete. If I find it I can let you know . No maybe it won't be the whole list, but then of course I am not a member of all of the websites on the list. But it's pointless to change passwords now if the "problem" has not been fixed on their side yet, and I doub't all of them have done that already. Link to comment Share on other sites More sharing options...
Recommended Posts