Russian hacker gang steals with impunity, says researcher
Those behind Coreflood botnet snag 463k usernames, access to jacked bank accounts
Computerworld - The Russian hacker gang using a Microsoft administration tool to steal passwords has cashed in big time for years, the researcher who has tracked the group's crimes said today.
A sampling of 11% of the stolen accounts found in one directory on the gang's command-and-control server found more than a quarter-million dollars at risk, said Joe Stewart, director of malware research at Atlanta-based SecureWorks Inc.
Stewart laid out that and more on Thursday as he detailed the inner workings of a cybercrime gang using the Coreflood Trojan horse to infect massive numbers of PCs, then sift through the machines for confidential information, including bank account numbers and passwords.
"The one thing that they're looking for is larger accounts that they can clean out," said Stewart. "They haven't automated the money transfer part of the process, so they're looking for the biggest accounts to get the most money the quickest."
Stewart has been releasing research on the group for more than a month as he works his way through more than 50GB of data he snatched from a server that the gang had been using as a data repository. In July, for instance, Stewart disclosed how they use a Microsoft program called PsExec to spread their password-stealing Trojan from a single infected PC to every Windows system on a company network.
In his most recent findings, Stewart spelled out how much money the group has had access to, as well as the number of users whose information was hijacked. As before, Stewart culled the information from a Coreflood command-and-control server he had helped shut down earlier this year.
Among the mountains of evidence on the server were the results of automated scripts that checked the validity of bank accounts, and in the process obtained the account balances. Of the 79 accounts the cybercrooks tested -- from among 740 stolen accounts on file in a single directory -- the highest balance was $147,000, while the averages were $4,553 for each savings account and $2,096 for each checking account.
The total exposed in the 79 accounts for which the hackers had usernames and passwords was $281,000. "And that's a conservative estimate of what they could get," said Stewart. "This was only a fraction of the accounts they had stolen."
The group has been stealing with apparent impunity for years, said Stewart; the server he accessed had been in continuous operation since 2005, for example. And they've done well, since he found approximately 463,000 usernames and passwords on the server. More than 8,400 of those were bank or credit union account usernames and passwords, while 3,200 gave access to users' credit card accounts. Stewart also found 416 online stock trading account usernames and passwords, 869 to online payment processors and 553 to payroll processors.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts