Law enforcement will assess the data and establish the accuracy of the claims

Aug 21, 2014 14:23 GMT

The US Federal Bureau of Investigation has opened an investigation to determine the accuracy of claims that a Russian cybercriminal gang could hold 1.2 billion stolen credentials.

The CyberVor gang, as it was dubbed by Hold Security, is allegedly in possession of this impressive number of passwords and usernames, collected through different means.

According to Hold Security, the gang started by purchasing this type of information from other cybercriminals on underground forums.

Then they started attacking services known to attract a large number of visitors, such as social networks and webmail providers, thus increasing the database.

In a third step that led to amassing this quantity of details, CyberVor relied on botnets to assess the websites visited by the owners of the infected computers for SQL injection vulnerabilities.

Hold Security, the company that broke the news, says that the entire database actually contains 4.5 billion records, but only 1.2 billion of them have been determined to be unique; these connect to more than 500 million email addresses.

The company also said that more than 420,000 websites and FTP locations have been probed by the botnet under the control of CyberVor.

The crooks did not discriminate among online locations, collecting log-in details for both large and small businesses.

After news got out about a single entity holding the massive collection, many online voices speculated that the announcement was just a way for Hold Security to promote its products, especially since the timing could not have been better, with the annual Black Hat USA security conference about to open its presentation sessions.

According to the Chicago Tribune, the FBI has started to investigate the claims; the publication quotes FBI spokesman Josh Campbell as saying that more information would be revealed as the matter becomes clearer:

“The FBI is investigating the recently reported incident involving the potential compromise of numerous user names and passwords, and will provide additional information as the nature and scope of the incident becomes clearer.”

Some security experts were called on to verify the authenticity of the information and, based on a database provided by Hold Security, stated that the records are real.

Even if the number of credentials is very high, there is evidence to support the idea that a single cybercriminal group could, in fact, amass the information over a longer period of time.

Robert Capps, senior director of customer success at RedSeal Networks, a company offering end-to-end network visibility and analytics to prevent cyber-attacks, told us via email that “while the current disclosure is unsettling for consumers, security professionals have long believed that cybercriminals were combining stolen consumer data from multiple breaches, to make their attacks more effective. This confirms their suspicions.”