
Long-Running Russian Cybercrime Ring Allegedly Steals 1.2 Billion Internet Records

Download the “Russian Underground Revisited” research paper for details on the underground market.

A Russian cybercrime ring known to have been running underground operations since 2004 allegedly stole 1.2 billion Internet usernames and passwords from 420,000 websites, including Fortune 500 companies.

Details of how long it took for the Russian cybercriminal group to amass the records linked to about 500 million unique e-mail addresses are yet to be determined.

However, Trend Micro vice-president for technology and solutions JD Sherry says that the plausible single-syndicate operation could have “cornered the market and compromised over a billion credentials over an extended period of time.” The sites were likely compromised via SQL injection, which can expose information stored on the servers to theft.
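To make the SQL injection point above concrete, here is an added example (not code from the article or from Trend Micro) showing the defect and its fix side by side: a login lookup that concatenates user input into the SQL string, next to the same lookup written as a parameterized query. The user table, the row values and the tampered input are all constructed for the demonstration; the database is an in-memory SQLite instance, so it runs offline.

```python
import sqlite3


def make_db():
    # Constructed in-memory user table with sample rows (not data from the article).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.com", "hash-a"),
            ("bob", "bob@example.com", "hash-b"),
        ],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Defective pattern: the untrusted value is spliced into the SQL text, so
    # quote characters in the input change the structure of the query.
    sql = (
        "SELECT username, email, password_hash FROM users WHERE username = '"
        + username
        + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    # Hardened pattern: the driver sends the value separately from the SQL,
    # so the input is only ever compared as data, never parsed as SQL.
    sql = "SELECT username, email, password_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    # Returns row counts for a normal username and for a constructed input that
    # rewrites the WHERE clause when it is concatenated into the query.
    conn = make_db()
    normal = "alice"
    tampered = "x' OR '1'='1"  # constructed test input
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, normal)),
        "vulnerable_tampered": len(lookup_vulnerable(conn, tampered)),
        "safe_normal": len(lookup_safe(conn, normal)),
        "safe_tampered": len(lookup_safe(conn, tampered)),
    }


if __name__ == "__main__":
    for name, count in demo().items():
        print(f"{name}: {count} row(s)")
```

The vulnerable version returns every row in the table for the tampered input, which is exactly how a single flawed query can leak an entire credential store; the parameterized version returns nothing for it, because the value is compared literally. Reviewing code for string-built SQL, and treating any such query that touches credential tables as a finding, is the practical check to take from this.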

The credentials reportedly stolen by the cybercrime ring are expected to end up in the Russian underground market, which has been running on a supply-and-demand economic model for years now.

Russian cybercrime underground forum selling stolen credit card credentials to registered members

MORE: What do you need to know about the cybercriminal underground economy?

Stolen Internet credentials are typically peddled in Russian underground forums where cybercriminals exchange information and malicious wares using the same trading principles as legitimate exchanges. The number of these forums has been growing each year, with the most popular ones such as verified.su and ploy.org having 20,000 to several hundreds of unique members.

“The Russian shadow economy is an economy of scale, one that is service-oriented and that has become a kleptocracy wherein crony capitalism has obtained a new lease on life in cyberspace,” says Trend Micro forward-looking threat researcher Max Goncharov. The amount of credentials put up for sale or used for other causes can be a source of power for the underground cybercrime ring.

MORE: A summary of basic underground cybercrime activity in Russia

Trend Micro researchers continue to look into the facts of this case. Meanwhile, it is reasonable for companies and Internet consumers to exercise caution given the probable impact this can have on their daily Internet usage or operations. Here are a few basic Internet security practices that take only a few minutes but can go a long way:

  • Change your passwords. Do it now to avoid the dangers of someone accessing your accounts given the alleged massive breach; then change your passwords regularly, as a precautionary measure against future breaches.

    MORE: How to manage your online passwords on multiple devices

  • Refrain from clicking links embedded in emails or text messages as this is the most common way cybercriminals get people to visit their malicious sites.
  • Update your software, on all your personal and company devices. Make sure you're always patched to avoid known vulnerabilities.