Russian hacker gang steals with impunity, says researcher
Those behind Coreflood botnet snag 463k usernames, access to jacked bank accounts
Computerworld - The Russian hacker gang using a Microsoft administration tool to steal passwords has cashed in big time for years, the researcher who has tracked the group's crimes said today.
A sampling of 11% of the stolen accounts found in one directory on the gang's command-and-control server found more than a quarter-million dollars at risk, said Joe Stewart, director of malware research at Atlanta-based SecureWorks Inc.
Stewart laid out that and more on Thursday as he detailed the inner workings of a cybercrime gang using the Coreflood Trojan horse to infect massive numbers of PCs, then sift through the machines for confidential information, including bank account numbers and passwords.
"The one thing that they're looking for is larger accounts that they can clean out," said Stewart. "They haven't automated the money transfer part of the process, so they're looking for the biggest accounts to get the most money the quickest."
Stewart has been releasing research on the group for more than a month as he works his way through more than 50GB of data he snatched from a server that the gang had been using as a data repository. In July, for instance, Stewart disclosed how they use a Microsoft program called PsExec to spread their password-stealing Trojan from a single infected PC to every Windows system on a company network.
In his most recent findings, Stewart spelled out how much money the group has had access to, as well as the number of users whose information was hijacked. As before, Stewart culled the information from a Coreflood command-and-control server he had helped shut down earlier this year.
Among the mountains of evidence on the server were the results of automated scripts that checked the validity of bank accounts, and in the process obtained the account balances. Of the 79 accounts the cybercrooks tested -- from among 740 stolen accounts on file in a single directory -- the highest balance was $147,000, while the averages were $4,553 for each savings account and $2,096 for each checking account.
The total exposed in the 79 accounts for which the hackers had usernames and passwords was $281,000. "And that's a conservative estimate of what they could get," said Stewart. "This was only a fraction of the accounts they had stolen."
The group has been stealing with apparent impunity for years, said Stewart; the server he accessed had been in continuous operation since 2005, for example. And they've done well, since he found approximately 463,000 usernames and passwords on the server. More than 8,400 of those were bank or credit union account usernames and passwords, while 3,200 gave access to users' credit card accounts. Stewart also found 416 online stock trading account usernames and passwords, 869 to online payment processors and 553 to payroll processors.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!