What Has Happened?
In what is undoubtedly the largest known data breach to occur, a Russian cyber crime ring has stolen over a billion personal credentials including usernames, passwords and email addresses from internet users.
Milwaukee-based information security firm Hold Security detected that the records had been stolen from approximately 420,000 websites. The targeted websites ranged from Fortune 500 companies to very small, relatively unknown websites from all over the world, including Russia.
It appears that the criminals have not sold many of the records online, although the records would be extremely lucrative if sold on the black market. Instead, the stolen information is being used to send spam on several social network sites such as Twitter, with the group collecting fees for doing so.
Based upon the investigation carried out by Hold Security, the hacking group is located in a small city in south central Russia. The group is suspected to consist of fewer than a dozen men in their 20s who appear to know each other personally, not just virtually. They are essentially operating as a small business, with each member carrying out a designated role, whether that be writing the programming or stealing the data.
How Did They Do It?
It is believed that this particular hacking group has been able to carry out its attack on a mass scale using botnets. Botnets can be described as networks of ‘zombie’ computers that have been infected with a virus. Any time an infected user visits a website, the hackers instruct the botnet to test that website to see if it is susceptible to the common hacking technique known as SQL injection.
If the website is determined to be vulnerable, the hackers are then able to enter a command causing the database to expose its contents. Once a website is identified as vulnerable, the hackers flag the site and return at another time to remove the full contents of the database.
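The weakness described above, shown beside its fix, as an added example that is not part of the original article. The table, the sample accounts and the function names are constructed for illustration.

```python
import sqlite3

# Constructed input: a textbook value whose quote characters rewrite the query.
CRAFTED = "x' OR '1'='1"


def make_db():
    """Build an in-memory table of constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, email TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.com", "hash-a"),
            ("bob", "bob@example.com", "hash-b"),
            ("carol", "carol@example.com", "hash-c"),
        ],
    )
    return db


def lookup_vulnerable(db, username):
    # Weak: the input is pasted into the SQL text, so quote characters in it
    # change the structure of the statement instead of being compared as data.
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, username):
    # Fixed: the ? placeholder passes the input as a value only. The database
    # never parses it as SQL, whatever characters it contains.
    query = "SELECT username, email FROM users WHERE username = ?"
    return db.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for name in ("alice", CRAFTED):
        print(repr(name))
        print("  concatenated :", lookup_vulnerable(db, name))
        print("  parameterized:", lookup_parameterized(db, name))
```

With the concatenated query, the crafted value returns every account in the table; with the parameterized query it matches nothing, while a normal username behaves the same in both.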
Although this particular group only formed in 2011 as amateur spammers, in April this year they embarked upon a much larger, more sophisticated attack by merging with another entity to share hacking techniques and tools. By July, the hacking group had been able to collect approximately 4.5 billion records, each with a username and password.
After cleaning the data of duplicates, Hold Security found that 1.2 billion of those stolen records were unique. Of those, 542 million email addresses were also determined to be unique, as people tend to use multiple email addresses across different websites.
While none of the companies that have been breached have yet been publicly revealed, it is confirmed that a large number of the websites affected remain vulnerable. Hold Security has begun the task of informing breached companies; however, it has not been successful in reaching every website.
Protect Yourself Online
This particular case again highlights a number of important factors for both businesses and internet users. For businesses, it reiterates the importance of implementing a strong cyber security strategy with the correct measures in place to ensure the data of your customers is kept as secure as possible.
If you would like some assistance in developing your cyber security plan, there are a number of internet security firms out there who can audit your current network security status and from there, create a strategy to ensure you have the right procedures in place to protect your business data.
For internet users, it is extremely important that you regularly update your passwords, make sure they are complex (containing letters, numbers, symbols, etc.) and use a different password for every username you have.
For further information about how to create a secure password, Windows have provided some easy-to-follow tips for internet users.