More than two million users have passwords stolen and posted online
A team of researchers who specialize in tracing online scams and hackers stumbled across a wealth of stolen data from users of sites including Facebook, LinkedIn and Twitter. The attack, affecting over two million users, was found when the team were looking into a botnet known as ‘Pony’.
A botnet is a network of hacked computers which criminal gangs across the world can share and access to carry out a number of different criminal activities. The users targeted were spread across all four corners of the globe, but further investigation, which uncovered the victims’ IP addresses, revealed most were based in the Netherlands.
Of course, this kind of attack is nothing new, but it was the level of sophistication, not often seen from perpetrators of such crimes, which shocked the research team. Gangs using Pony have been uncovered previously; however, they were more often than not considered ‘hit and run’ cases, which tend to be on a smaller scale and more easily detected.
This gang were careful to take a consistently smaller amount of details over a sustained period. This method, using more precision and patience, is much less likely to alert authorities. The gang also helped themselves to data from other big internet players, including Google, Yahoo and several Russian social media sites.
Weaker than necessary
This kind of story is a PR nightmare for the likes of Facebook and Twitter, but each of the companies affected was pre-warned that the news was going to break, enabling them to alert customers hit by the attack.
It was also noted that a large number of those whose data had been compromised were not following password guidelines recommended by the sites. In fact, the top 10 list of most common passwords involved included number combinations such as ‘123456789’, ‘1234’ and ‘1’.
When creating a password, an indicator showing whether or not your password is ‘weak’, ‘medium’ or ‘strong’ normally appears. A high number of these victims had used weak password combinations, but while a few were considered excellent, the majority fell into the medium category.
Andrew Mason, security expert from RandomStorm, comments:
“This just goes to show about the importance of endpoint security combined with a strong password. Even the strongest password is worthless if the endpoint it is being used on is either untrusted or trusted but insecure, allowing a botnet such as Pony to be run on it and the subsequent password key logger.
“Once the key logger is installed it is very easy to harvest usernames and passwords for whatever the user types in during the course of their normal day. By ensuring proper endpoint security and, at a minimum, patching and up-to-date AV deployment, these types of attacks can be totally eliminated.
“The second area of concern from the article is the use of weak passwords. Again, without a strong password it makes the job of a hacker so much easier being able to use an automated tool to crack many passwords per second”, concluded Mr Mason.