Researchers discover database with 2M stolen login credentials
The database contains stolen usernames and passwords associated with Facebook, Twitter, Google, Yahoo, and more.
Researchers have unearthed an online database full to the brim of stolen account information from popular services including Facebook, Yahoo, Twitter, and Google.
On Tuesday, the security team at Trustwave's SpiderLabs revealed in a blog post that the database contained 1.58 million stolen usernames and passwords. The login credentials were associated with 318,121 Facebook accounts, 21,708 Twitter accounts, 54,437 Google-based accounts, and 59,549 Yahoo accounts. The database also contained approximately 320,000 stolen email account credentials. The remaining number of compromised accounts on the server were FTP accounts, remote desktop details, and secure shells.
Demographically, the Netherlands seemed to be targeted the most, as 97 percent of the stolen credentials belonged to users in that country -- followed by Thailand, Germany, Singapore, and Indonesia. The United States accounted for less than 2,000 stolen credentials.
"A quick glance at the geolocation statistics above would make one think that this attack was a targeted attack on the Netherlands," the researchers said. "Taking a closer look at the IP log files, however, revealed that most of the entries from NL IP range are, in fact, a single IP address that seems to have functioned as a gateway or reverse proxy between the infected machines and the command-and-control server, which resides in the Netherlands as well."
This, in turn, prevents the researchers from truly knowing which countries were most targeted, if any. In addition, as more than 90 countries were accounted for on the list, it shows the cyberattack was global.
The culprit is called the Pony Botnet controller. Version 1.9 of the botnet is a powerful spy and keylogging type of malware which captures passwords and login credentials of infected users when they access applications and Internet sites. The botnet can be built and hosted directly on a Web site through a CMS control panel, where hooking up to an SQL database automatically will store details harvested from infected users.
The investigation also uncovered terrible password habits of Web site users. The most common passwords were 123456, 123456789, 1234, and simply the word password.
Will we ever learn?
This story originally appeared as "Hacker database exposed; thousands of stolen Facebook, Twitter, Google passwords found" on ZDNet
Using the built-in microphones and speakers found on PCs, the lab-created prototype malware uses inaudible audio signals to transmit small amounts of data over covert channels at distances of nearly 65 feet. The distance can be increased by creating a network of devices that repeat the signals.
The proof-of-concept software, detailed in the Journal of Communications, suggests that a lack of an Internet connection isn't enough to insulate sensitive internal computer systems from the outside world. The research comes after the recent disclosure of mysterious malware that used high-frequency signals to hurdle between non-networked devices.
Using the microphones and speakers on a pair of Lenovo T400s, the researchers adapted software originally created to facilitate robust underwater communications. Originally developed by the Research Department for Underwater Acoustics and Marine Geophysics and based on an open-source development toolkit for signal processing, the adaptive communication system modem was able to transmit data of 20bps up to 19.7 meters (64.6 feet) apart. Greater distances could be achieved by forming an acoustical mesh network with the addition of nearby devices to the chain.
Despite the small transmission rates, the researchers warned that attackers could arm the malware with keyloggers to record sensitive information, such as login credentials.
"The concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered," the researchers wrote.
As countermeasures, the researchers propose using a host-based intrusion detection system for analyzing audio signals and a low-pass filter that allows low-frequency signals to pass while gradually reducing the force of higher frequency signals.
[Via Ars Technica
This topic has been closed due to inactivity. If you would like to discuss this topic further, please start a new post.
You can reference this topic in your post by adding this link:
Visit the Community
Check our Forums or How-to & FAQs for advice or answers
View User Guides
Refer to our getting started guides and product manuals
Talk to our Support and get answers to your questions